Google stated it blocked over 2.36 million policy-violating Android apps from being printed to the Google Play app market in 2024 and banned greater than 158,000 unhealthy developer accounts that tried to publish such dangerous apps.
The tech big additionally famous it prevented 1.3 million apps from getting extreme or pointless entry to delicate person knowledge in the course of the time interval by working with third-party app builders.
Moreover, Google Play Defend, a safety characteristic that is enabled by default on Android units to flag novel threats, recognized 13 million new malicious apps from outdoors of the official app retailer.
“Because of partnering carefully with builders, over 91% of app installs on the Google Play Retailer now use the newest protections of Android 13 or newer,” Bethel Otuteye and Khawaja Shams from the Android Safety and Privateness Crew, and Ron Aquino from Google Play Belief and Security stated.
Compared, the corporate blocked 1.43 million and 2.28 million dangerous apps from being printed to the Play Retailer in 2022 and 2023, respectively.
Google additionally stated the builders’ use of the Play Integrity API – which permits them to verify if their apps have been maliciously modified or are working in doubtlessly compromised environments – has seen a 80% decrease utilization of their apps from unverified and untrusted sources on common.
As well as, the corporate’s efforts to mechanically block sideloading of doubtless unsafe apps in markets like Brazil, Hong Kong, India, Kenya, Nigeria, Philippines, Singapore, South Africa, Thailand, and Vietnam has secured 10 million units from a minimum of 36 million dangerous set up makes an attempt, spanning over 200,000 distinctive apps.
Complementing these initiatives, Google this week introduced it is introducing a brand new “Verified” badge for consumer-facing VPN apps which have efficiently accomplished a Cellular Software Safety Evaluation (MASA) audit. Google initially unveiled this plan in November 2023.
“This new badge is designed to spotlight apps that prioritize person privateness and security, assist customers make extra knowledgeable decisions concerning the VPN apps they use, and construct confidence within the apps they finally obtain,” it stated.
If something, the findings present that defending the Android and Google Play ecosystem is a steady effort, as new malware strains proceed to seek out their option to cellular units.
The newest instance is Tria Stealer, which has been discovered primarily concentrating on Android customers in Malaysia and Brunei. The marketing campaign is believed to be ongoing since not less than March 2024.
Distributed by way of private and group chats in Telegram and WhatsApp within the type of APK information, the malicious apps request delicate permissions that allow the harvesting of a variety of knowledge from apps like Gmail, Google Messages, Microsoft Outlook, Samsung Messages, WhatsApp, WhatsApp Enterprise, and Yahoo! Mail.
There may be some proof to counsel that the malware is the work of an Indonesian-speaking risk actor, owing to the presence of artifacts written within the Indonesian language and the naming conference of the Telegram bots used for internet hosting command-and-control (C2) servers.
“Tria Stealer collects victims’ SMS knowledge, tracks name logs, messages (for instance, from WhatsApp and WhatsApp Enterprise), and electronic mail knowledge (for instance, Gmail and Outlook mailboxes),” Kaspersky stated. “Tria Stealer exfiltrates the information by sending it to varied Telegram bots utilizing the Telegram API for communication.”
The stolen info is then used to hijack private messaging accounts resembling WhatsApp and Telegram, and impersonate victims in an effort to request cash transfers from their contacts to financial institution accounts underneath their management, and additional perpetuate the rip-off by distributing the malware-laced APK file to all their household and buddies.
The truth that Tria Stealer can be in a position to extract SMS messages signifies that the operators might additionally use the malware to steal one-time passwords (OTPs), doubtlessly granting them entry to varied on-line companies, together with banking accounts.
Kaspersky stated the marketing campaign displays some similarities with one other exercise cluster that distributed a chunk of malware dubbed UdangaSteal in 2023 and early 2024 concentrating on Indonesian and Indian victims utilizing wedding ceremony invitation, package deal supply, and buyer help lures. Nevertheless, there isn’t a proof at this stage to tie the 2 malware households to the identical risk actor.
