#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Google Play Store | Breaking Cybersecurity News | The Hacker News

Android Bitcoin-Mining Malware found on Google Play Store

Android Bitcoin-Mining Malware found on Google Play Store

Apr 25, 2014
Google always bound to face trouble over the wide and open nature of its app checking policies on Google Play Store, and despite so many security measures, the search engine giant mostly fails to recognize the Android malware that are lurking around its Google Play store in vast numbers. Recently, Google had offered users refund and additional credit of $5 for the bogus antivirus app ' Virus Sheild ' that potentially defrauded more than 10,000 Android users who have downloaded the app from the Google play store. The step taken by Google is really appreciated, as the refunding cost Google around $269,000. Now, it has been found that a number of malicious Android apps on the Google Play store secretly turn users' android devices into small rigs contributing to a large-scale crypto currency mining operation. CRYPTO MINER IN ANDROID APP Security researchers from an anti-malware firm Lookout have identified various malware apps at Google Play Store, which they dub
Google Gives Refund to Thousands of Buyers Who Bought Bogus Android AntiVirus App

Google Gives Refund to Thousands of Buyers Who Bought Bogus Android AntiVirus App

Apr 22, 2014
About a week back we reported about a popular paid Antivirus application on the Google Play Store which was actually a scam, dubbed as ' Virus Shield '. This First paid fake app managed to become one of the most popular anti-virus app in less than a week, and apparently more than 10,000 Smartphones users purchased it in $3.99 from Google Play Store and hence scammed more than $40,000. The Virus Shield Android App claimed to protect users' personal information from harmful viruses, malware and spyware, but in actual app doesn't scan anything and was removed from the store once the fraud had been uncovered. If you were one that had downloaded the Virus Shield Antivirus app , then don't worry, just check your email inbox, because Google cares about you and reaching out all those affected android users who purchased the app, in order to refund their money in full. REFUND WITH $5 BONUS CREDIT According to Android Police , Google has decided to refund $3.99 back to us
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Turkish Hacker Crashes Google Play Store Twice while testing vulnerability

Turkish Hacker Crashes Google Play Store Twice while testing vulnerability

Mar 18, 2014
Last Weekend Google Play Store was crashed twice by a Turkish hacker when he tried to test vulnerability he discovered on the Android  apps  publishing system, known as Google's Developer Console . Turkish hacker ' Ibrahim Balic ' claimed responsibility for the Google Play Store attack and told ' The Hacker News ', he found a flaw in the Android operating system while working with Android tools i.e. Compiler, debugger on his Emulators, that was crashing again and again.  ' I successfully confirmed that it affects Android 4.2.2 , 4.3 and 2.3 ' he said. Then he created an Android app to exploit the vulnerability, ' causes a possible memory corruption '  and uploaded it to the Google's Developer Console. Unfortunately, OR Luckily the malformed Android app crashed whole Google's Developer Console, and he didn't expect that the app will knock everyone offline from Play Store. He was not sure about the outage caused by him or not,
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Google and Apple app Store removing all Games with "Flappy" word in Title

Google and Apple app Store removing all Games with "Flappy" word in Title

Feb 17, 2014
After the developer of Flappy Bird pulled the gaming app from both the Apple and Google app stores, it led to the creation of dozens and dozens of Flappy Bird clones that are trying to cash in on the popularity of the original title. Also Security researchers from multiple anti-malware firms have recently identified a number of malicious versions of Flappy Bird apps. In Order to protect Smartphone users from installing malicious applications that pretend to be the one associated with the previous Flappy Bird app, Google and Apple have finally decided to reject all games and application that contain ' Flappy ' in the title on app Stores. Ken Carpenter, another app developer with Mind Juice Media, posted on his Twitter account that his newly developed app, which he named Flappy Dragon , got rejected from Apple's app Store because the name " attempts to leverage a popular app " According to Ken, 'Flappy' in app title are being rejected by Apple under a violatio
300000 Android Devices infected by Premium SMS-Sending Malware

300000 Android Devices infected by Premium SMS-Sending Malware

Feb 15, 2014
Downloading various apps blindly from Google play store may bring you at risk in terms of money.  PandaLabs , the Cloud Security Company, has identified malicious Android apps on Google Play that can sign up users for premium SMS subscription services without their permission and so far it has infected at least 300,000 Android users, although the number of malicious downloads could have reached 4 times higher i.e. 1,200,000 users. The four apps found free in the app store that came packaged with a premium SMS scam that dubbed as "Easy Hairdos", "Abs Diets", "Workout Routines" and "Cupcake Recipes" and are among the malicious apps available for free download on Google Play store . From the above app, say if 'Abs Diet' has been installed on your phone and once the user has accepted the terms and conditions of the service, the app displays a series of tips to reduce abdominal fat and then without the user's knowledge, the app l
Flappy Bird app clones send text messages to Premium Number

Flappy Bird app clones send text messages to Premium Number

Feb 15, 2014
Flappy Bird , developed by a 29-year old, Dong Nguyen , was one of the top free gaming apps of the last month, but now officially unavailable for users. After achieving income of $50,000 per day in advertising revenue, Dong Nguyen pulled out Flappy Bird gaming app from all the web app stores and now it's permanently dead. " Flappy Bird was designed to play in a few minutes when you are relaxed ," says Dong Nguyen, in an exclusive interview with Forbes. " But it happened to become an addictive product. I think it has become a problem. To solve that problem, it's best to take down Flappy Bird. It's gone forever. " Till now the reason is not clear from Dong's statement that why exactly he quit the app, but it's clear that his decision have given opportunity for hackers for creating a malicious version of this app and the app's popularity will help them to gain success in spreading Smartphone  malware to mass and hence, the malicious apps are available in play stores with
First widely distributed Android bootkit Malware infects more than 350,000 Devices

First widely distributed Android bootkit Malware infects more than 350,000 Devices

Jan 29, 2014
In the last quarter of 2013, sale of a Smartphone with ANDROID operating system has increased and every second person you see is a DROID user. A Russian security firm ' Doctor Web' identified the first mass distributed Android bootkit malware called ' Android.Oldboot ', a piece of malware that's designed to re-infect devices after reboot, even if you delete all working components of it. The bootkit Android.Oldboot has infected more than 350,000 android users in China, Spain, Italy, Germany, Russia, Brazil, the USA and some Southeast Asian countries. China seems to a mass victim of this kind of malware having a 92 % share. A Bootkit is a rootkit malware variant which infects the device at start-up and may encrypt disk or steal data, remove the application, open connection for Command and controller. A very unique technique is being used to inject this Trojan into an Android system where an attacker places a component of it into the boot
First Ever Windows Malware that can hack your Android Mobile

First Ever Windows Malware that can hack your Android Mobile

Jan 24, 2014
Hey Android users! I am quite sure that you must be syncing your Smartphone with your PCs for transferring files and generating backup of your device.  If your system is running a windows operating system, then it's a bad news for you. Researchers have discovered a new piece of windows malware that attempts to install mobile banking malware on Android devices while syncing. Last year in the month of February, Kaspersky Lab revealed an Android malware that could infect your computer when connected to Smartphone or tablets.   Recently, Researchers at Symantec antivirus firm discovered another interesting windows malware called ' Trojan . Droidpak ', that drops a malicious DLL in the computer system and then downloads a configuration file from the following remote server: https://xia2.dy[REMOVED]s-web.com/iconfig.txt The Windows Trojan then parses this configuration file and download a malicious APK (an Android application) from the following location on the
Mouabad Android Malware calling to Premium numbers; Generating revenue for its Master

Mouabad Android Malware calling to Premium numbers; Generating revenue for its Master

Dec 11, 2013
Android platform is a primary target for malware attacks from few years and during 2013, more than 79% of mobile operating malware threats are taking place on Android OS. I have been working on Android Malware architectures since last two years and created 100's of sample of most sophisticated malware for demo purpose. Till now we have seen the majority of Android malware apps that earn money for their creators by sending SMS messages to premium rate numbers from infected devices. Security researchers at Lookout identified an interesting monetized Android Malware labeled as ' Mouabad ', that allow a remote attacker to make phone calls to premium-rate numbers without user interaction from C&C servers by sending commands to the malware. The technique is not new, but infection from such app notified first time in the wild. The variant dubbed MouaBad . p. , is particularly sneaky and to avoid detection it waits to make its calls until a period of time after the scree
Rogue Android Gaming app that steals WhatsApp conversations

Rogue Android Gaming app that steals WhatsApp conversations

Dec 07, 2013
Google has recently removed a Rogue Android gaming app called " Balloon Pop 2 " from its official Play store that was actually stealing user's private Whatsapp app conversations. Every day numerous friends ask me if it is possible to steal WhatsApp chat messages and how, of course a malware represents an excellent solution to the request. In the past I already posted an article on the implementation of encryption mechanisms for WhatsApp application explaining that improper design could allow attackers to snoop on the conversation. Spreading the malware through an official channel the attacker could improve the efficiency of the attack, and it is exactly what is happening, an Android game has been published on the official Google Play store to stealthy steal users' WhatsApp conversation databases and to resell the collection of messages on an internet website. The games titled " Balloon Pop 2 " has been fortunately identified and removed from the official Google Play
New Android Banking Trojan targeting Korean users

New Android Banking Trojan targeting Korean users

Oct 24, 2013
A very profitable line for mobile malware developers is Android Banking Trojans, which infect phones and steal passwords and other data when victims log onto their online bank accounts. One recent trend is Android malware that attacks users in specific countries, such as European Countries, Brazil and India.  The Antivirus software maker Malwarebytes noticed that a new threat distributed via file sharing sites and alternative markets in the last few months, targets Korean users. Dubbed as ' Android/Trojan . Bank . Wroba ', malware disguises itself as the Google Play Store app and run as a service in the background to monitor events.  " This enables it to capture incoming SMS, monitor installed apps and communicate with a remote server. " According to the researcher, after installation - malware lookup for existence of targeted Banking applications on the device, remove them and download a malicious version to replace. " The malicious v
Google bans Facebook and other self updating Android apps

Google bans Facebook and other self updating Android apps

Apr 26, 2013
Google just released a new Play Store version 4.0.27 that, contains only very minor tweaks and Google has changed the rules of its Google Play Store to put an end to the practice of developers updating their apps through their own means rather than the official Google Play channel. Shortly before the Facebook Home launch, some users noticed a new version of Facebook was available on their device, but it wasn't through the Play Store. Instead, the update came directly through the app, bypassing the Store altogether. Under the " Dangerous Products " section of the Google Play developer policies, Google now states that " an app downloaded from Google Play may not modify, replace or update its own APK binary code using any method other than Google Play's update mechanism. " Essentially this means that once an app is downloaded by an Android user it cannot contact home base and auto-update its own operating code. Instead, it has to use the off
Android malware with ability to install Backdoor on Computers

Android malware with ability to install Backdoor on Computers

Feb 04, 2013
Kaspersky Lab has revealed a new type of malware that can infect your computer when connected smartphone or tablet. Two such application, Super Clean and DroidCleaner found in Google Play android market. These two are actually same application, just released with two different names. These applications apparently disguised as a tool to clean memory for the Android operating system but after installing and running it displays a list of all running some processes and then restart the device. Later, in background, the app downloads three files autorun.inf, folder.ico, and svchosts.exe in phone. When user connect infected android mobile phone to any Windows computer with active Autorun or Autoplay functionality for USB devices, the svchosts.exe file ( Backdoor.MSIL.Ssucl.a ) is automatically executed on computer. A similar situation may arise in case of SD card. Before apps were removed by Google, they may together have been downloaded up to 6000 times. Malicious code t
Developer expelled by Google Play Store on posting Malicious Android apps

Developer expelled by Google Play Store on posting Malicious Android apps

Jan 01, 2013
Google Play Developer Console enables developers to easily publish and distribute their applications directly to users of Android-compatible phones. Recently someone posted on Reddit that a developer is trying to spread malware by masquerading infected programs as legitimate software. The account of the developer called, " apkdeveloper " and readers spotted that they are posting fake malware apps by names of famous android games and apps, using the word "Super" as suffix to them, making them seem as an upgraded version of the game. The users can find the difference between the real app and malicious app by observing the device permissions, like as compared to the simple permissions like network access and read write access of the original Temple Run app, the ' Temple Run Super ' app asks for sensitive information like location, phone status, identity and access to user accounts. After many report abuse Google Play has removed the developer from the store p
Cybersecurity Resources