Search results for Play Store | Breaking Cybersecurity News | The Hacker News

Even after so many efforts by Google, malicious apps somehow managed to fool its Play Store's anti-malware protections and infect people with malicious software. The same happened once again when at least 50 apps managed to make its way onto Google Play Store and were successfully downloaded as many as 4.2 million times—one of the biggest malware outbreaks. Security firm Check Point on Thursday published a blog post revealing at least 50 Android apps that were free to download on official Play Store and were downloaded between 1 million and 4.2 million times before Google removed them. These Android apps come with hidden malware payload that secretly registers victims for paid online services, sends fraudulent premium text messages from victims' smartphones and leaves them to pay the bill—all without the knowledge or permission of users. Dubbed ExpensiveWall by Check Point researchers because it was found in the Lovely Wallpaper app, the malware comes hidden in fre

If you think you are downloading apps from Google Play Store and you are secure, then watch out! Someone has managed to flood third-party app stores and Google Play Store with more than a thousand malicious apps, which can monitor almost anything a user does on their mobile device from silently recording calls to make outbound calls without the user's interaction. Dubbed SonicSpy , the spyware has been spreading aggressively across Android app stores since at least February and is being distributed by pretending itself to be a messaging app—and it actually offers a messaging service. SonicSpy Can Perform a Whole Lots of Malicious Tasks At the same time, the SonicSpy spyware apps perform various malicious tasks, including silently recording calls and audio from the microphone, hijacking the device's camera and snap photos, making outbound calls without the user's permission, and sending text messages to numbers chosen by the attacker. Besides this, the SonicSpy sp

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Google's Android Mobile operating system for smartphones and tablets have Google's own Play Store that provides its Android users the most visible way to access the world of millions of apps. App developers produce more than thousands of applications each year, but majority of newbie and unprofessional developers use unsafe, unreliable, and insecure coding practices, as many developers store secret keys in their apps that could potentially allow cybercriminals to steal users' sensitive data. A team of researchers from the computer science department of the Columbia University have discovered a critical security problem in the Google's official Android app store from where millions of Android users download various apps. Researchers have found that most of the Android application developers often store their secret keys in their app's code, similar to usernames/passwords information, which could be then used by any bad actor to maliciously steal users' information or r

If you are wondering how to receive latest updates for an Android app—installed via a 3rd party source or peer-to-peer app sharing—directly from Google Play Store. For security reasons, until now apps installed from third-party sources cannot be updated automatically over-the-air, as Google does not recognize them as Play Store apps and they do not show up in your Google account app list as well. Late last year, Google announced its plan to set up an automated mechanism to verify the authenticity of an app by adding a small amount of security metadata on top of each Android application package (in the APK Signing Block) distributed by its Play Store. This metadata is like a digital signature that would help your Android device to verify if the origin of an app you have installed from a third-party source is a Play Store app and have not been tempered, for example, a virus is not attached to it. From early 2018, Google has already started implementing this mechanism, which doesn

Do you like watching funny videos online? I am not kind of a funny person, but I love watching funny videos clips online, and this is one of the best things that people can do in their spare time. But, beware if you have installed a funny video app from Google Play Store. A security researcher has discovered a new variant of the infamous Android banking Trojan hiding in apps under different names, such as Funny Videos 2017 , on Google Play Store. Niels Croese, the security researcher at Securify B.V firm, analyzed the Funny Videos app that has 1,000 to 5,000 installs and found that the app acts like any of the regular video applications on Play Store, but in the background, it targets victims from banks around the world. This newly discovered banking Trojan works like any other banking malware, but two things that makes it different from others are — its capability to target victims and use of DexProtector tool to obfuscate the app's code. Dubbed BankBot , the banking

Even after Google's security oversight over its already-huge Android ecosystem has evolved over the years, malware apps still keep coming back to Google Play Store. Sometimes just reposting an already detected malware app from a newly created Play Store account, or using other developers' existing accounts, is enough for 'bad-faith' developers to trick the Play Store into distributing unsafe apps to Android users. Since the mobile device platform is growing rapidly, every new effort Google makes apparently comes with trade-offs. For example, Google recently made some changes in its Play Store policies and added new restriction in Android APIs that now makes it mandatory for every new app to undergo rigorous security testing and review process before appearing in the Google Play Store. These efforts also include: restricting developers from abusing Android accessibility services, restricting apps access to certain permissions like call logs and SMS permi

Last Weekend Google Play Store was crashed twice by a Turkish hacker when he tried to test vulnerability he discovered on the Android  apps  publishing system, known as Google's Developer Console . Turkish hacker ' Ibrahim Balic ' claimed responsibility for the Google Play Store attack and told ' The Hacker News ', he found a flaw in the Android operating system while working with Android tools i.e. Compiler, debugger on his Emulators, that was crashing again and again.  ' I successfully confirmed that it affects Android 4.2.2 , 4.3 and 2.3 ' he said. Then he created an Android app to exploit the vulnerability, ' causes a possible memory corruption '  and uploaded it to the Google's Developer Console. Unfortunately, OR Luckily the malformed Android app crashed whole Google's Developer Console, and he didn't expect that the app will knock everyone offline from Play Store. He was not sure about the outage caused by him or not,

Even after so many efforts by Google for making its Play Store away from malware, shady apps somehow managed to fool its anti-malware protections and infect people with malicious software. A team of researchers from several security firms has uncovered two new malware campaigns targeting Google Play Store users, of which one spreads a new version of BankBot , a persistent family of banking Trojan that imitates real banking applications in efforts to steal users' login details. BankBot has been designed to display fake overlays on legitimate bank apps from major banks around the world, including Citibank, WellsFargo, Chase, and DiBa, to steal sensitive information, including logins and credit card details. With its primary purpose of displaying fake overlays, BankBot has the ability to perform a broad range of tasks, such as sending and intercepting SMS messages, making calls, tracking infected devices, and stealing contacts. Google removed at least four previous versions

About a week back we reported about a popular paid Antivirus application on the Google Play Store which was actually a scam, dubbed as ' Virus Shield '. This First paid fake app managed to become one of the most popular anti-virus app in less than a week, and apparently more than 10,000 Smartphones users purchased it in $3.99 from Google Play Store and hence scammed more than $40,000. The Virus Shield Android App claimed to protect users' personal information from harmful viruses, malware and spyware, but in actual app doesn't scan anything and was removed from the store once the fraud had been uncovered. If you were one that had downloaded the Virus Shield Antivirus app , then don't worry, just check your email inbox, because Google cares about you and reaching out all those affected android users who purchased the app, in order to refund their money in full. REFUND WITH $5 BONUS CREDIT According to Android Police , Google has decided to refund $3.99 back to us

With the rise in mobile market, last year we have seen sharp growth in malicious ' adware ' — the most prevalent mobile threat in the world. And now, security researchers have once again found Google Play Store offering malicious apps that are infecting millions of Android users with adware . It's not at all surprising that the Android operating system is surrounded by a number of unwanted intrusions that may gain users' attention to fall victim for one, but this issue might be even worse than we thought. WHAT IS ADWARE ? For those not familiar with adware, adware is a software that automatically displays or downloads advertising material like banners or pop-ups when a user is online. Doesn't sound dangerous, Right? But adware could result in a serious threat to users. Android Adware can pose a major threat to users' privacy, since some ad networks gather personal information like phone number, email address, and many more. Depending on where the ad netwo

Cybersecurity researchers took the wraps off yet another instance of Android malware hidden under the guise of legitimate applications to stealthily subscribe unsuspecting users for premium services without their knowledge. In a report published by Check Point research today, the malware — infamously called Joker (or Bread) — has found another trick to bypass Google's Play Store protections: obfuscate the malicious DEX executable inside the application as Base64 encoded strings, which are then decoded and loaded on the compromised device. Following responsible disclosure by Check Point researchers, the 11 apps ( list and hashes here ) in question were removed by Google from the Play Store on April 30, 2020. "The Joker malware is tricky to detect, despite Google's investment in adding Play Store protections," said Check Point 's Aviran Hazum, who identified the new modus operandi of Joker malware. "Although Google removed the malicious apps from the P

So you love Minecraft ? You might want to be very careful before downloading the cheats for the popular Minecraft game from Google Play Store. Nearly 3 Million users have downloaded malicious Minecraft Android applications for their smartphone and tablets from the Google Play store, security researchers warned. The security researchers from IT security firm ESET have uncovered as many as 33 fake "scareware" applications that have been uploaded to the Google Play store in the course of the past 9 months, masquerading as Minecraft cheats and tip guides. These malicious applications have been downloaded between 660,000 and 2.8 million times. "All of the discovered apps were fake in that they did not contain any of the promised functionality and only displayed banners that tried to trick users into believing that their Android system is infected with a dangerous virus," ESET researcher Lukas Stefanko wrote in a blog post . Once downloaded, these mali

Even after so many efforts by Google like launching bug bounty program and preventing apps from using Android accessibility services , malicious applications somehow manage to get into Play Store and infect people with malicious software. The same happened once again when security researchers discovered at least 85 applications in Google Play Store that were designed to steal credentials from users of Russian-based social network VK.com and were successfully downloaded millions of times. The most popular of all masqueraded as a gaming app with more than a million downloads. When this app was initially submitted in March 2017, it was just a gaming app without any malicious code, according to a blog post published Tuesday by Kaspersky Lab. However, after waiting for more than seven months, the malicious actors behind the app updated it with information-stealing capabilities in October 2017. Besides this gaming app, the Kaspersky researchers found 84 such apps on Google Play

Initially thought to be 600,000 users, the number of Android users who have mistakenly downloaded and installed malware on their devices straight from Google Play Store has reached 2 Million. Yes, about 2 Million Android users have fallen victim to malware hidden in over 40 fake companion guide apps for popular mobile games, such as Pokémon Go and FIFA Mobile, on the official Google Play Store, according to security researchers from Check Point. Dubbed FalseGuide by the Check Point researchers, the malware creates a " silent botnet out of the infected devices " to deliver fraudulent mobile adware and generate ad revenue for cybercriminals. Nearly 2 Million Android Users Infected! While initially it was believed that the oldest instance of FalseGuide was uploaded to the Google Play in February and made its way onto over 600,000 devices within two months, further in-depth analysis by researchers revealed more infected apps which date back to November 2016. "

Cybercriminals are known to take advantage of everything that's popular among people in order to spread malware, and Google's official Play Store has always proved no less than an excellent place for hackers to get their job done. Yesterday some users spotted a fake version of the most popular WhatsApp messaging app for Android on the official Google Play Store that has already tricked more than one million users into downloading it. Dubbed Update WhatsApp Messenger , came from an app developer who pretended to be the actual WhatsApp service with the developer title "WhatsApp Inc."—the same title the actual WhatsApp messenger uses on Google Play. You might be wondering how the sneaky app developer was able to use the same title as the legitimate Facebook-owned maker of the messaging client—thanks to a Unicode character space. The app maker added a Unicode character space after the actual WhatsApp Inc. name, which in computer code reads WhatsApp+Inc%C2%A0 .

Well, we all are very conscious, when it comes to the security of our personal information, security of our financial data and security of everything related to us. In the world of Smart devices where our Smartphones knows more than we know ourselves. To keep our device protected from harmful viruses, malware or spyware, we totally depend on various security products such as antivirus, firewall and privacy guard apps, that we typically install from some trusted sources, Google Play Store. Most Antivirus apps are available to download for free, but some of them are paid with extra premium features like advance firewall protection, anti theft, App Locker or Cloud Backup etc. But do you believe that just because you're downloading an application from an official app store and also if its a premium paid version, you're safe from malicious software? Think twice. PAID, BUT FAKE ANTIVIRUS APP In Past, Mobile Security Researchers had spotted numerous fake mobile anti