Here’s how malicious Android apps are sneaking malware onto your phone

-

Here's how malicious Android apps are sneaking malware onto your phone

Droppers are sneaking passed Google security checks into the Play store and onto your Android phone.
Droppers are sneaking passed Google security checks into the Play store and onto your Android phone.

Image: NurPhoto via Getty Images

2018%2f06%2f26%2fc2%2f20182f062f252f5a2fphoto.d9abc.b1c04By Matt Binder

If you've ever wondered why those pesky pop-ups are showing up on your Android phone, you may be shocked to learn that it could be infected with malware — and it might have came through the official Google Play Store.

As Bleeping Computer points out in a new report, malicious app developers have been using a surprisingly successful trick to sneak malware into the Google Play Store, and ultimately onto your phone. The method is performed using something called "droppers," which is a type of code hidden deep within an app that attacks a device with malware in multiple stages. 

Droppers can be hard to detect, because they're basically coded into an app. It's an infection. The dropper itself usually isn't coded to cause any harm outright. Droppers get its foot in the door and over time downloads the malicious harmful malware to your device.

The reason why dropper deployment is growing is because they're successful in quietly gaining access to your Android phone. The reason why they're so successful is because they're winding up regularly on apps in the Google Play Store. 

Droppers essentially act as a trojan horse. When a dropper is coded into an app, it's fairly benign. With nothing threatening or malicious in the original code, it makes it very difficult to detect. Its purpose at this stage is not to launch an attack on the Android device the app is downloaded to. It's to gain access. When the app is submitted to the Play Store, Google runs security tests on the device and because the tests find nothing that would cause alarm on the app as-is, the application is usually approved and placed in the Play Store for Android users' consumption.

Some Malware coders have been so savvy, they've added an additional layer of trickery when coding them. Timers are often added to space out the execution of the malware. Sometimes malware is deployed based on a person's usage of or permission given to an app.

The existence of droppers dates back well before Android and Android-targeting malware. However, unlike a desktop computer, most smartphones don't use antivirus software. Cybersecurity companies and research firms have been warning about the growth in use of droppers in the mobile market for some time now. For example, a report by Avast Threat Labs discovered that some Android devices, which are not certified by Google, manufactured by companies like ZTE and Archos, come pre-installed with malware deploying droppers. 

Apple's iOS store requires applications go through a much more stringent testing process before the app becomes available to download on your iPhone. Apple also does not allow iOS apps to download, install, and execute code. This kills the functionality of a dropper, which depends on those later stage future downloads to actually deploy the dangerous malware. If Google is looking to stop malware from finding a way onto its Android devices, they may need to rethink the terms of its Play store and what it allows Android app developers to do.

One thing is for sure. Fighting droppers will be a challenge for Google.


#Google #Android #Smartphones #OS #News @ndrdnws #ndrdnws #AndroidNews

Popular Posts:

Do more from your inbox with Gmail Add-ons

-
Image
For many of us, email is mission control—the prompt to generate an invoice, prepare a presentation or follow up on a sales opportunity. With so many to-dos, imagine if you could complete these tasks directly from your inbox without interrupting your workflow. We believe email can do more, which is why we're launching Gmail Add-ons, a new way to work with your favorite business apps directly in Gmail. Gmail Add-ons, built for your workflows Rather than toggling between your inbox and other apps, use add-ons to complete actions right from Gmail. With Gmail Add-ons, your inbox can contextually surface your go-to app based on messages you receive to help you get things done faster. And because add-ons work the same across web and Android, you only need to install them once to access them on all of your devices. Click the settings wheel on the top right of your inbox and then "Get add-ons" to get started. We made Gmail Add-ons available in developer p
Continue Reading....

Apple is postponing new iOS features in favor of reliability and performance

-
Image
Apple has decided to postpone new features in iOS in favor of improving the reliability and performance of the operating system, as according to a report by Axios. According to the report, Craig Federighi, Senior Vice President, Software Engineering, announced the revised plan to employees at a meeting earlier this month. This pushes features like refresh of the homescreen and in-car user interface, improvements to core apps like Mail and camera experience to 2019. What we will get this year is improvements to AR, digital health and parental controls. Apart from that, the OS will largely feature improvements to performance and user experience. We have seen Apple do this with macOS in the past, where they dedicate one entire update cycle to just refining the OS and make existing features work better. However, we have never quite seen Apple do that on iOS. This is largely due to the hyper competitive nature of the mobile market where competition and customer demands push companies t
Continue Reading....

This is Samsung’s official spec sheet for the Galaxy S8 and S8+

-
Image
The Galaxy S8 and Galaxy S8+ have finally been unveiled, and our hands-on experience with the devices is available for everyone to see. Everyone has a pretty good idea about the devices’ specifications at this point, but for those wanting to see it, we have added the official spec sheet offered by Samsung below. Remember, detailed specs are also available from our devices page . Oh, and don’t remember to take a look at what we think about Samsung’s new flagships .
Continue Reading....

Jurassic VR - Google Cardboard

-
Image
Jurassic VR - Google Cardboard Rabbit Mountain Adventure VERSION/BUILD: 1.6.4 UPDATED: 28 January 2018 REQUIRES ANDROID: 4.4 and up FILE SIZE: 66.4 M Walking with the dinosaurs! Roam the earth and experience prehistoric times in Virtual Reality. Celebrating 4+ million downloads! Have you ever wanted to meet Dinosaurs in real life? Experience the ultimate dino ride with Jurassic VR - Google Cardboard Freely roam the open environment en poke round the beautiful cedar evergreen trees to see huge dinos come to life. You can go to any point and see the sites and dinos in VR. Players get to experience the site at their own pace and the mission is simple; enjoy and discover the world of prehistoric dinosaurs before the modern world cities were built. It's like a virtual reality attraction traveling you back to prehistoric times! The ultimate experience There is no need anymore to become an archaeologist and dig the earth
Continue Reading....

DJI Mavic Air: could this be the definitive drone?

-
Image
DJI showcased its new Mavic Air drone in New York. The third quadcopter in this series is of similar quality to its predecessors and can also fold its arms for better portability. For its size, no competitor offers so much in terms of photo quality. Release date and price The DJI Mavic Air can be ordered through the official DJI website  and is also available from other retailers. The drone is available in three colors: marengo grey, white and red. We can buy the Mavic Air in a basic pack with remote control, protections, charger, cover, propeller replacement and a battery from US$799 (£769 in the UK). Often, one battery is not enough so there is a more complete pack available with three batteries, charger for four batteries and two propeller replacements from $999 (£949 in the UK). The red model reminds me of a Porsche. / © AndroidPIT Design and build quality In essence, it is th
Continue Reading....