We recently discovered several malicious optimizer, booster, and utility apps (detected by Trend Micro as AndroidOS_BadBooster.HRX) on Google Play that are capable of accessing remote ad configuration servers that can be used for malicious purposes, perform mobile ad fraud, and download as many as 3,000 malware variants or malicious payloads on affected devices.Read More
We discovered several beauty camera apps (detected as AndroidOS_BadCamera.HRX) on Google Play that are capable of accessing remote ad configuration servers that can be used for malicious purposes. Some of these have already been downloaded millions of times, which is unsurprising given the popularity of these kinds of apps.Read More
We found malicious apps on Google Play trying to drop a banking malware payload on unsuspecting users. Motion sensor data was used to evade detection.Read More
The location-based, augmented reality mobile game Pokémon Go is taking the world by storm. Released to much fanfare on July 6th, the app has already overtaken the Facebook app in terms of usage on Android devices, and has been reported by Apple to be the most downloaded app ever during its first week of release. Unsurprisingly, scammers and cybercriminals are quick to cash in on its massive popularity, creating malicious versions of the game and related help apps that lock screens and deliver scareware and adware, even a remote access trojan.
We came across another how-to app in Google Play, touting its ability to help players easily earn Pokécoins, the app’s in-game currency (earned via gameplay or purchased with real-world money). It is in fact a scam.Read More
Although the Hacking Team leak took place several months ago, the impact of this data breach—where exploit codes were made public and spurred a chain of attacks—can still be felt until today. We recently spotted malicious Android apps that appear to use an exploit found in the Hacking Team data dumps. The apps, found in certain websites, could allow remote attackers to gain root privilege when successfully exploited. Mobile devices running on Android version 4.4 (KitKat) and below, which account for nearly 57% of total Android devices, are susceptible to attacks that may abuse this flaw.Read More