Google found 300 infected apps

Shreyas1

https://www.theverge.com/2017/8/29/16219426/google-removes-apps-play-store-hijack-phones-ddos-attacks

 

Apparently, Google's security team discovered 300 apps with malware in them that were used in DDoS attacks.

Quote from The Verge

Quote

Around 300 apps have been withdrawn from Google’s Play Store after they were found to be secretly hijacking Android devices to supply traffic for wide-scale distributed denial of service (DDoS) attacks, as noted by Gizmodo. Google removed apps that offered services like ringtones and storage managers after security researchers uncovered the “WireX” botnet was behind the ploy. Malware was hidden inside the affected apps, and as long as the device remained switched on it was used in DDoS attacks.

So be careful what you download, even on phones. There could possibly be more of these types of malware. These apps offered ringtones and storage managers. According to The Verge:

 

Quote

Google said in a statement it’s currently in the process of removing the malicious apps from affected devices, and some researchers say up to 70,000 devices in 100 countries could be compromised. Some of the WireX attacks also asked for ransom fees.

And some good news: multiple companies are fighting this malware and have written a joint blog post about it. Google has obviously blocked these apps, but there could be more.

 

https://blog.cloudflare.com/the-wirex-botnet/

 

Just be careful what you download, and I think this really shouldn't be a problem in the first place if you do.

 

Link to post
Share on other sites

19 minutes ago, Shreyas1 said:

 So be careful what you download, even on phones.

More like especially on phones. I feel like people are reasonably good at not downloading random shady stuff on PC, but phone apps like that seem to get people every time somehow, which is especially concerning considering how many people seem to live on their phones, doing even important things like banking, etc.

 

AdobePhotoshopExpress_40795b9b019f4d6191ab4e7943ac7de1.jpg

Link to post
Share on other sites

Google should take a number out of Apple's book and have stricter guidelines on how apps are submitted and approved for distribution on the store. Charging for uploads is a good start.

Link to post
Share on other sites

2 minutes ago, Ryan_Vickers said:

More like especially on phones. I feel like people are reasonably good at not downloading random shady stuff on PC, but phone apps like that seem to get people every time somehow, which is especially concerning considering how many people seem to live on their phones, doing even important things like banking, etc.

 

AdobePhotoshopExpress_40795b9b019f4d6191ab4e7943ac7de1.jpg

I think the problem is that some people believe that Google checks everything on the store and they think that malware is only limited to PC.

 

Link to post
Share on other sites

2 minutes ago, Shreyas1 said:

I think the problem is that some people believe that Google checks everything on the store and they think that malware is only limited to PC.

well that would certainly be a problem lol 

Link to post
Share on other sites

4 minutes ago, DrMacintosh said:

Google should take a number out of Apple's book and have stricter guidelines on how apps are submitted and approved for distribution on the store. Charging for uploads is a good start.

Considering we're free to side load whatever we want outside the app store, unlike iOS, I wouldn't care too much if the Play Store clamps down a bit.

Link to post
Share on other sites

6 minutes ago, DrMacintosh said:

Google should take a number out of Apple's book and have stricter guidelines on how apps are submitted and approved for distribution on the store. Charging for uploads is a good start.

I'd be curious to know how many new apps, and updates to existing apps are submitted per day, and what kind of manpower it would take to have experts thoroughly review the entire code for each one before approval.  I assume it would be impractical, but that's the only way to be completely sure they're safe.  inb4 they make an AI for this

Link to post
Share on other sites

10 minutes ago, Ryan_Vickers said:

More like especially on phones. I feel like people are reasonably good at not downloading random shady stuff on PC, but phone apps like that seem to get people every time somehow, which is especially concerning considering how many people seem to live on their phones, doing even important things like banking, etc.

 

AdobePhotoshopExpress_40795b9b019f4d6191ab4e7943ac7de1.jpg

hrm....

the file name is "adobephotoshopexpress" yatta yatta yatta

Link to post
Share on other sites

2 minutes ago, JDE said:

hrm....

the file name is "adobephotoshopexpress" yatta yatta yatta

not relevant

This is a real app I found though, just as an example of what kind of suspicious things are out there

Link to post
Share on other sites

A couple days ago I got a notification on my phone saying tons of new viruses discovered (not on my device) from my cellular company's security bloatware. Then it said it scanned each one of my apps.....I think

Link to post
Share on other sites

Waiting for the list of affected apps.

Link to post
Share on other sites

10 minutes ago, koji said:

Waiting for the list of affected apps.

 

59 minutes ago, Ryujin2003 said:

I don't in infected, but where is the list of the malicious programs?

I think if you contact Google, they'll give you a list. BUT, this info is off a comment section in a link that I posted above, so I really don't know.

 

Link to post
Share on other sites

1 hour ago, Ryan_Vickers said:

I'd be curious to know how many new apps, and updates to existing apps are submitted per day, and what kind of manpower it would take to have experts thoroughly review the entire code for each one before approval.  I assume it would be impractical, but that's the only way to be completely sure they're safe.  inb4 they make an AI for this

I wonder if Google has some sort of automated anti-malware scanner whenever a developer pushes an update or a new app is submitted, preferably scanning it in a sandboxed environment. But yeah, I think Google taking a few pages from Apple's playbook might not hurt. But I don't think malware infections on Android are as bad as malware infections on PCs since phones aren't networked like computers so there are fewer vectors for infection and most Android malware still requires user interaction unlike a lot of malware infections on PCs which can run even without interaction or reside in the memory to avoid detection.

Link to post
Share on other sites

1 hour ago, DrMacintosh said:

Google should take a number out of Apple's book and have stricter guidelines on how apps are submitted and approved for distribution on the store. Charging for uploads is a good start.

Google already charges for uploading apps.

 

 

38 minutes ago, hey_yo_ said:

I wonder if Google has some sort of automated anti-malware scanner whenever a developer pushes an update or a new app is submitted, preferably scanning it in a sandboxed environment.

They do, and it is used.

The problem is that it doesn't catch everything.

 

39 minutes ago, hey_yo_ said:

But I don't think malware infections on Android are as bad as malware infections on PCs since phones aren't networked like computers so there are fewer vectors for infection

Phones are MORE networked than PCs.

But the way the APIs are written makes them far more limited and easier to trace what they actually do. That's the model Microsoft want to take with UWP too.

Link to post
Share on other sites

Not really surprised, Google likes to point out all these security breaches and holes on others' OSes/brands' software but their own stuff? Ha.

Well guess Google best better refocus on home base for a while and clean up a bit.

/s

 

But just to say though I really am not surprised, their app submission is less strict than Apple's and needs to be updated. And people do have a tendency to ignore the risk more with phone apps than PC apps like @Shreyas1 mentioned. Why is this? People really need to start understanding their tech a bit better and know that their phones are basically pocket computers 'cause that is what they are and so makes them just as vulnerable.

 

*shakes head in disgust*

Link to post
Share on other sites

2 minutes ago, SansVarnic said:

But just to say though I really am not surprised, their app submission is less strict than Apple's and needs to be updated. And people do have a tendency to ignore the risk more with phone apps than PC apps like @Shreyas1 mentioned. Why is this? People really need to start understanding their tech a bit better and know that their phones are basically pocket computers 'cause that is what they are and so makes them just as vulnerable.

 

*shakes head in disgust*

We can start by letting go of all those "speedboost" apps which are nothing but snake oil from my experience.

 

I found out my mom had installed it on her phone and promptly removed it, also telling her that her phone is better off without it since the OS itself should already do a half-decent job of allocating and managing resources along with managing cache plus dump files.

Link to post
Share on other sites

It shows that it's not a terrible decision that there is no system authority for users and general developers in iPhone (iOS).

Link to post
Share on other sites

3 hours ago, DrMacintosh said:

Google should take a number out of Apple's book and have stricter guidelines on how apps are submitted and approved for distribution on the store.

Stuff is still going to get through though.

 

08/2013

https://www.cnet.com/news/researchers-slip-malware-onto-apples-app-store-again/

 

09/2015

https://www.wired.com/2015/09/apple-removes-300-infected-apps-app-store/

 

 

I can't remember the last time I actually used the Play Store.  It's been years since I've been on there.  I completely moved over to F-Droid. 

Link to post
Share on other sites

A list would be great but Android will tell you that the app you have infected is installed. It's a security feature that has been there since MM.

 

But most of the malicious apps are obvious.

Link to post
Share on other sites

6 hours ago, koji said:

Waiting for the list of affected apps.

Probably in the list are battery saving apps and privacy cleaners 

Link to post
Share on other sites

8 hours ago, huilun02 said:

Tells you that you might be using an infected app, leaves you guessing. Genius

As long as you don't download generic, no reviewed apps from a strange sounding studio, you should be fine. Also, some of the apps that were affected are ringtone and storage manager apps.

 

Link to post
Share on other sites

9 hours ago, Ryan_Vickers said:

not relevant

This is a real app I found though, just as an example of what kind of suspicious things are out there

 

44 minutes ago, Shreyas1 said:

As long as you don't download generic, no reviewed apps from a strange sounding studio, you should be fine. Also, some of the apps that were affected are ringtone and storage manager apps.

It is worse than that. Most seem to be focusing on apps that contain malware from the get-go. However, the problem goes beyond screening apps at submission: many times a legitimate, but abandoned app gets bought by a third party, who then pushes the malware bit through an update. So, you may have this app that is completely benign, and you made sure it was benign before installing, and one day you receive an update (ah, how we love updates!) and voilà, you are part of the botnet. 

 

Yes, "app stores" have created a false sense of security (maybe the reason people don't download shady stuff so boldly in PC is because they have to go to shady websites to get them in the first place), that gives apps offered there an air of "official" or "approved", when in reality that's beyond unfeasible for the store owners. 

Link to post
Share on other sites

11 hours ago, Shreyas1 said:

I think the problem is that some people believe that Google checks everything on the store and they think that malware is only limited to PC.

 

11 hours ago, Ryan_Vickers said:

I'd be curious to know how many new apps, and updates to existing apps are submitted per day, and what kind of manpower it would take to have experts thoroughly review the entire code for each one before approval.  I assume it would be impractical, but that's the only way to be completely sure they're safe.  inb4 they make an AI for this

Isn't that what their Play Protect system is (previously Malicious App Detection)? Just a deep learning net for detecting malicious apps (a la Bitdefender's Malware Cloud AI) that scans apps at upload.

 

The bigger issue is the number of devices running old insecure versions of Android.

 

If you look, a lot of these malware threats don't even affect newer versions of Android. A lot of the iTunes malware has historically targeted older devices after their updates stopped as well.

 

As much as I see some people go "I don't care about having the latest version", I still say they should want it for precisely this reason. Unless you update phones yearly or at least every two years, you're going to be vulnerable to known threats sooner or later and people will take advantage of that.

Link to post
Share on other sites

28 minutes ago, Sniperfox47 said:

 

Isn't that what their Play Protect system is (previously Malicious App Detection)? Just a deep learning net for detecting malicious apps (a la Bitdefender's Malware Cloud AI) that scans apps at upload.

 

The bigger issue is the number of devices running old insecure versions of Android.

 

If you look, a lot of these malware threats don't even affect newer versions of Android. A lot of the iTunes malware has historically targeted older devices after their updates stopped as well.

 

As much as I see some people go "I don't care about having the latest version", I still say they should want it for precisely this reason. Unless you update phones yearly or at least every two years, you're going to be vulnerable to known threats sooner or later and people will take advantage of that.

The problem with Android and the whole ecosystem though is most people are severely behind on updates, not because they ignore them like they do on Windows, but because they just aren't available due to having to go through the maker (Samsung, etc) and then sometimes even the carrier before they get to the device. On top of that, I think Android phones are also generally not supported for as long as they should be... Not as long as iPhones.

Link to post
Share on other sites
