In late March, researchers from CheckPoint found the Tekya malware family, which was being used to carry out ad fraud, on Google Play. These apps have since been removed from the store, but we recently found a variant of this family that had made its way onto Google Play via five malicious apps, although these have also been removed. (We detect these as AndroidOS_Tekya.HRX.)Read More
The efficacy of mobile devices to actually produce cryptocurrency in any meaningful amount is still doubtful. However, the effects on users of affected devices are clear: increased device wear and tear, reduced battery life, comparably slower performance.
Think of third-party app stores as independent shops in the city where people go to as an alternative to the city mall. The mall practically has everything you need. In fact, almost everyone goes to the mall. The shops have items not available in the mall, and vice versa.Read More
We recently encountered a high-risk Android app detected as ANDROIDOS_STIP.A in Chile. This app, found distributed through forums and blogs, can be used to hack into the user’s RFID bus transit card to recharge the credits. What is the mechanism behind this, and what is the security risk of RFID payment cards in general? Paying via…Read More
Note: The author of the entry has been changed to Chengkai Tao. We’ve recently discovered a design flaw in Android devices that allows fake apps to hijack legitimate app updates, thus enabling the fake app to steal the information stored by the targeted legitimate app. The flaw lies in a common practice for mobile users in…Read More