Hacking Team: Spywares at playstore..

jos · July 17, 2015

It appears that Hacking Team was able to build the fake app so that it looked legitimate enough to be accepted into the Google Play app store. Nestled inside the app's code, however, was a backdoor to make it a mobile spy tool. Trend Micro writes that this app was available for download until as recently as July 7.

The research firm also discovered a how-to section, which, according to Trend Micro, included "detailed instructions on how customers can manipulate the backdoor as well as a ready-made Google Play account they can use."

It seems this BeNews app was only downloaded about 50 times, but the discovery on its own indicates that Hacking Team created a way to build mobile malware that could make it into the Google Play store without alerting Google. While executing this sort of attack requires getting access to a target's phone and individually downloading the app, it does highlight a huge problem for Google Play's app vetting..

Hacking team looks like snowden news

Source: http://blog.trendmicro.com/trendlabs-security-intelligence/fake-news-app-in-hacking-team-dump-designed-to-bypass-google-play/

Zefues · July 17, 2015

I think my aunt downloaded this app, I'm not sure.

NinerL · July 17, 2015

Expected, Google's clumsy playstore security verification process. They might as well ship all android builds with preinstalled hacking team apps!

rgon · July 17, 2015

Actually, there have been several reports of apps full of spyware on the App Store, such as "Tor Browser", which was active for quite a long time until last year.

Title available since November [2013] [post posted at March 2014] raises questions about App Store vetting process.

-Arstechnica

Apple has never described exactly what its process is for ensuring the titles in its App Store are safe. Although the comparatively fewer reports of rogue apps for iOS suggest that the review process is more stringent than Google's, the report ticket from Tor's high-ranking members suggests that Apple may not be doing everything it can or should do to protect iPhone and iPad users.

-Arstechnica

http://arstechnica.com/security/2014/03/fake-tor-browser-for-ios-laced-with-adware-spyware-members-warn/

The reason why it is generally said that apple's verification process is better because the time between you upload the app and it becomes available is usually a week, and Google's process only takes a day. That also makes the Play Store much more attractive to attack, along with the fact that Java is usually better known and (due to that) easier to develop malware in.

The amount of time that app was up and downloadable is by no means acceptable. That's actually much better than having a one-week lasting malware app. Or several of them. What are the chances for you, a tech-savvy person with a decent "bullshit alarm" developed to download it? Seriously. The people without a good knowledge won't donwload it. They will just stick to the apps they already have.

Now that this vulnerability is known, Google Play will not allow any app with a similar excerpt of code.

The fact that Apple had left the app alone even after being notified of potential issues is much more concerning than having one leaked app to the market. (http://securitywatch.pcmag.com/apple-ios-iphone-ipad-ipod/321803-fake-tor-browser-app-for-ios-full-of-adware-spyware)