Google found 300 infected apps

[Shreyas1]

https://www.theverge.com/2017/8/29/16219426/google-removes-apps-play-store-hijack-phones-ddos-attacks

 

Apparently, google's security team discovered 300 apps with malware in it that were used in DDoS attacks.

Quote from The Verge

Quote

Around 300 apps have been withdrawn from Google’s Play Store after they were found to be secretly hijacking Android devices to supply traffic for wide-scale distributed denial of service (DDoS) attacks, as noted by Gizmodo. Google removed apps that offered services like ringtones and storage managers after security researchers uncovered the “WireX” botnet was behind the ploy. Malware was hidden inside the affected apps, and as long as the device remained switched on it was used in DDoS attacks.

 So be careful what you download, even on phones. There could possibly be more of these types of malware. These apps offered ringtones and storage managers. According to The Verge

 

Quote

Google said in a statement it’s currently in the process of removing the malicious apps from affected devices, and some researchers say up to 70,000 devices in 100 countries could be compromised. Some of the WireX attacks also asked for ransom fees.

And some good news- multiple companies are fighting this malware and have written a joint blog post about it. Google has obviously blocked these apps, but there could be more.

 

https://blog.cloudflare.com/the-wirex-botnet/

 

Just be careful what you download, and I think this really shouldn't be a problem in the first place if you do.

[Ryujin2003]

I don't in infected, but where is the list of the malicious programs?

[vanished]

19 minutes ago, Shreyas1 said:

 So be careful what you download, even on phones.

More like especially on phones.  I feel like people are reasonably good at not downloading random shady stuff on PC, but phone apps like that seem to get people every time some how, which is especially concerning considering how many people seem to live on their phones, doing even important things like banking, etc.

 

[DrMacintosh]

Google should take a number out of Apples Book and have stricter guidelines on how apps are submitted and approved for distribution on the store. Charging for uploads is a good start.  

[Shreyas1]

2 minutes ago, Ryan_Vickers said:

More like especially on phones.  I feel like people are reasonably good at not downloading random shady stuff on PC, but phone apps like that seem to get people every time some how, which is especially concerning considering how many people seem to live on their phones, doing even important things like banking, etc.

 

I think the problem is that some people believe that google checks everything on the store and they think that malware is only limited to pc,

[vanished]

2 minutes ago, Shreyas1 said:

I think the problem is that some people believe that google checks everything on the store and they think that malware is only limited to pc,

well that would certainly be a problem lol 

[Zodiark1593]

4 minutes ago, DrMacintosh said:

Google should take a number out of Apples Book and have stricter guidelines on how apps are submitted and approved for distribution on the store. Charging for uploads is a good start.  

Considering we're free to side load whatever we want outside the app store, unlike iOS, I wouldn't care too much if the Play Store clamps down a bit.

[vanished]

6 minutes ago, DrMacintosh said:

Google should take a number out of Apples Book and have stricter guidelines on how apps are submitted and approved for distribution on the store. Charging for uploads is a good start.  

I'd be curious to know how many new apps, and updates to existing apps are submitted per day, and what kind of manpower it would take to have experts thoroughly review the entire code for each one before approval.  I assume it would be impractical, but that's the only way to be completely sure they're safe.  inb4 they make an AI for this

[LienusLateTips]

10 minutes ago, Ryan_Vickers said:

More like especially on phones.  I feel like people are reasonably good at not downloading random shady stuff on PC, but phone apps like that seem to get people every time some how, which is especially concerning considering how many people seem to live on their phones, doing even important things like banking, etc.

 

hrm....

the file name is "adobephotoshopexpress" yatta yatta yatta

[vanished]

2 minutes ago, JDE said:

hrm....

the file name is "adobephotoshopexpress" yatta yatta yatta

not relevant

This is a real app I found though, just as an example of what kind of suspicious things are out there

[Creed1]

A couple days ago I got a notification on my phone saying tons of new viruses discovered (Not on my device) from my cellular companies security bloatware. Then it said scanned each one of my apps.....I think 

[koji]

Waiting for the list of affected apps.

[Shreyas1]

10 minutes ago, koji said:

Waiting for the list of affected apps.

 

59 minutes ago, Ryujin2003 said:

I don't in infected, but where is the list of the malicious programs?

I think if you contact google, they'll give you a list. BUT, this is info is off a comment section in a link that I posted above, so I really don't know.

[captain_to_fire]

1 hour ago, Ryan_Vickers said:

I'd be curious to know how many new apps, and updates to existing apps are submitted per day, and what kind of manpower it would take to have experts thoroughly review the entire code for each one before approval.  I assume it would be impractical, but that's the only way to be completely sure they're safe.  inb4 they make an AI for this

I wonder if Google has some sort of automated anti malware scanner whenever a developers pushes an update or a new app is submitted, preferably scanning it in a sandboxed environment. But yeah, I think Google taking a few pages from Apple's playbook might not hurt. But I don't think malware infections on Android is as bad as malware infections on PCs since phones aren't networked like computers so there's less vectors for infection and most Android malware still require user interaction unlike a lot of malware infections on PCs which can run even without interaction or reside in the memory to avoid detection. 

[LAwLz]

1 hour ago, DrMacintosh said:

Google should take a number out of Apples Book and have stricter guidelines on how apps are submitted and approved for distribution on the store. Charging for uploads is a good start.  

Google already charges for uploading apps.

 

 

38 minutes ago, hey_yo_ said:

I wonder if Google has some sort of automated anti malware scanner whenever a developers pushes an update or a new app is submitted, preferably scanning it in a sandboxed environment.

They do, and it is used.

The problem is that it doesn't catch everything.

 

39 minutes ago, hey_yo_ said:

But I don't think malware infections on Android is as bad as malware infections on PCs since phones aren't networked like computers so there's less vectors for infection

Phones are MORE networked than PCs.

But the way the APIs are written make them far more limited and easier to trace what they actually do. That's the model Microsoft want to take with UWP too.

[SansVarnic]

Not really surprised, Google likes to point out all these security breaches and holes on others OS's/Brands software but their own stuff? Ha.

Well guess Google best better refocus on home base for a while an clean up a bit.

/s

 

But just to say though I really am not surprised, their app submission is less strict than Apples and needs to be updated. And people do have a tendency to ignore the risk more with phone apps than pc apps like @Shreyas1 mentioned. Why this is? People really need to start understanding their tech a bit better and know that their phones are basically pocket computers cause that is what they are and so makes them just as vulnerable.

 

*shakes head in disgust*

[D13H4RD]

2 minutes ago, SansVarnic said:

But just to say though I really am not surprised, their app submission is less strict than Apples and needs to be updated. And people do have a tendency to ignore the risk more with phone apps than pc apps like @Shreyas1 mentioned. Why this is? People really need to start understanding their tech a bit better and know that their phones are basically pocket computers cause that is what they are and so makes them just as vulnerable.

 

*shakes head in disgust*

We can start by ;letting go of all those "speedboost" apps which are nothing but snake oil from my experience.

 

I found out my mom had installed it on her phone and promptly removed it, also telling her that her phone is better of without it since the OS itself should already do a half-decent job of allocating and managing resources along with managing cache plus dump files.

[zondaBUPT]

it shows that it's not a terrible decision that there is no system authority for users and general developers in Iphone(IOS).

[dfsdfgfkjsefoiqzemnd]

3 hours ago, DrMacintosh said:

Google should take a number out of Apples Book and have stricter guidelines on how apps are submitted and approved for distribution on the store.

Stuff is still going to get through though.

 

08/2013

https://www.cnet.com/news/researchers-slip-malware-onto-apples-app-store-again/

 

09/2015

https://www.wired.com/2015/09/apple-removes-300-infected-apps-app-store/

 

 

I can't remember the last time I actually used the Play Store.  It's been years since I've been on there.  I completely moved over to F-Droid. 

[mynameisjuan]

A list would be great but Android will tell you that the app you have infected is installed. Its a security feature that has been there since MM. 

 

But most of the malicious apps are obvious.

[captain_to_fire]

6 hours ago, koji said:

Waiting for the list of affected apps.

Probably in the list are battery saving apps and privacy cleaners 

[Shreyas1]

8 hours ago, huilun02 said:

Tells you that you might be using an infected app, leaves you guessing. Genius

As long as you don't download generic, no reviewed apps from a strange sounding studio, you should be fine. Also, some of the apps that were affected are ringtone and storage manager apps.

[SpaceGhostC2C]

9 hours ago, Ryan_Vickers said:

not relevant

This is a real app I found though, just as an example of what kind of suspicious things are out there

 

44 minutes ago, Shreyas1 said:

As long as you don't download generic, no reviewed apps from a strange sounding studio, you should be fine. Also, some of the apps that were affected are ringtone and storage manager apps.

It is worse than that. Most seem to be focusing on apps that contain malware from the get-go. However, the problem goes beyond screening apps at submission: many times a legitimate, but abandoned app gets bought by a third party, who then pushes the malware bit through an update. So, you may have this app that is completely benign, and you made sure it was benign before installing, and one day you receive an update (ah, how we love updates!) and voilà, you are part of the botnet. 

 

Yes, "app stores" have created a false sense of security (maybe the reason people don't download shady stuff so boldly in PC is because they have to go to shady websites to get them in the first place), that gives apps offered there an air of "official" or "approved", when in reality that's beyond unfeasible for the store owners. 

[Sniperfox47]

11 hours ago, Shreyas1 said:

I think the problem is that some people believe that google checks everything on the store and they think that malware is only limited to pc,

 

11 hours ago, Ryan_Vickers said:

I'd be curious to know how many new apps, and updates to existing apps are submitted per day, and what kind of manpower it would take to have experts thoroughly review the entire code for each one before approval.  I assume it would be impractical, but that's the only way to be completely sure they're safe.  inb4 they make an AI for this

Isn't that what their Play Protect system is (previously Malicious App Detection)? Just a deep learning net for detecting malicious apps (a la Bitdefender's Malware Cloud AI) that scans apps at upload.

 

The bigger issue is the number of devices running old insecure versions of Android.

 

If you look, a lot of these malware threats don't even affect newer versions of Android. A lot of the iTunes malware has historically targeted older devices after their updates stopped as well.

 

As much as I see some people go "I don't care about having the latest version", I still say they should want it for precisely this reason. Unless you update phones yearly or at least every two years, you're going to be vulnerable to known threats sooner or later and people will take advantage of that.

[vanished]

28 minutes ago, Sniperfox47 said:

 

Isn't that what their Play Protect system is (previously Malicious App Detection)? Just a deep learning net for detecting malicious apps (a la Bitdefender's Malware Cloud AI) that scans apps at upload.

 

The bigger issue is the number of devices running old insecure versions of Android.

 

If you look, a lot of these malware threats don't even affect newer versions of Android. A lot of the iTunes malware has historically targeted older devices after their updates stopped as well.

 

As much as I see some people go "I don't care about having the latest version", I still say they should want it for precisely this reason. Unless you update phones yearly or at least every two years, you're going to be vulnerable to known threats sooner or later and people will take advantage of that.

The problem with android and the whole ecosystem though is most people are severely behind on updates, not because they ignore them like they do on windows, but because they just aren't available due to having to go through the maker (Samsung, etc) and then sometimes even the carrier before they get to the device.  On top of that, I think android phones are also generally not supported for as long s they should be... Not as long as iphones.