We recently discovered several malicious optimizer, booster, and utility apps (detected by Trend Micro as AndroidOS_BadBooster.HRX) on Google Play that are capable of accessing remote ad configuration servers that can be used for malicious purposes, perform mobile ad fraud, and download as many as 3,000 malware variants or malicious payloads on affected devices.
Read More We found three malicious apps in the Google Play store that work together to compromise a victim’s device and collect user information. One of these apps, called Camero, exploits CVE-2019-2215, a vulnerability that exists in Binder (the main Inter-Process Communication system in Android). This is the first known active attack in the wild that uses the use-after-free vulnerability.
Read More
We recently found 49 new adware apps on Google Play, disguised as games and stylized cameras. Before they were taken down by Google, the total number of downloads for these apps was more than 3 million. This recent incident continues an ongoing trend of mobile adware surges
Read More
We found an app on Google Play named “Yellow Camera”, which poses as a camera and photo beautification or editing app embedded with a routine of reading SMS verification codes from the System Notifications, and, in turn, activate a Wireless Application Protocol (WAP) billing. We disclosed our findings to Google, and the app, along with related ones we saw, are no longer in the Play store.
Based on the name of the file downloaded by the app, it appears it is mostly targeting users in Southeast Asia (e.g., Thailand, Malaysia). However, we’ve also seen the app targeting Chinese-speaking users, so it won’t be a surprise if the app gradually shifts or expands targets. While the app has already been taken down in the Play store, we found that the fraudsters uploaded similar apps to the app store.
Read More
We found hundreds of the fake apps on iOS App Store and Google Play, with descriptions that are inconsistent with their content. While the apps’ descriptions varied, they share the same suspicious behavior: They could transform into gambling apps that may get banned for violating local government regulations and app store policies.
Read More