SoylentNews is people

posted by takyon on Monday December 10 2018, @03:55AM
from the shining-a-light dept.

Submitted via IRC for SoyCow1984

22 apps with 2 million+ Google Play downloads had a malicious backdoor

Almost two dozen apps with more than 2 million downloads have been removed from the Google Play market after researchers found they contained a device-draining backdoor that allowed them to surreptitiously download files from an attacker-controlled server.

The 22 rogue titles included Sparkle Flashlight, a flashlight app that had been downloaded more than 1 million times since it entered Google Play sometime in 2016 or 2017, antivirus provider Sophos said in a blog post published Thursday. Beginning around March of this year, Sparkle Flashlight and two other apps were updated to add the secret downloader. The remaining 19 apps became available after June and contained the downloader from the start.

By the time Google removed the apps in late November, they were being used to click endlessly on fraudulent ads. "Andr/Clickr-ad," as Sophos has dubbed the family of apps, automatically started and ran even after a user force-closed them, functions that caused the apps to consume huge amounts of bandwidth and drain batteries. In Thursday's post, Sophos researcher Chen Yu wrote:

Andr/Clickr-ad is a well-organized, persistent malware that has the potential to cause serious harm to end users, as well as the entire Android ecosystem. These apps generate fraudulent requests that cost ad networks significant revenue as a result of the fake clicks. From the user's perspective, these apps drain their phone's battery and may cause data overages as the apps are constantly running and communicating with servers in the background. Furthermore, the devices are fully controlled by the C2 server and can potentially install any malicious modules upon the instructions of the server.


  • (Score: 3, Informative) by pkrasimirov on Monday December 10 2018, @11:05AM (1 child)


    My first thought exactly. If some vanity app asks me to read/write my contacts, read/write pictures, connect to the Internet etc. then it is not a vanity app.

  • (Score: 0) by Anonymous Coward on Tuesday December 11 2018, @06:22AM


    "Noroot firewall"

    It is a VPN-like app that blocks internet connections unless allowed.