Google Android Privacy Security

How Spies Snuck Malware Into the Google Play Store -- Again and Again (wired.com) 34

Google's Play Store for Android apps has never had a reputation for the strictest protections from malware. Shady adware and even banking trojans have managed over the years to repeatedly defy Google's security checks. Now security researchers have found what appears to be a more rare form of Android abuse: state-sponsored spies who repeatedly slipped their targeted hacking tools into the Play Store and onto victims' phones. From a report: At a remote virtual version of its annual Security Analyst Summit, researchers from the Russian security firm Kaspersky today plan to present research about a hacking campaign they call PhantomLance, in which spies hid malware in the Play Store to target users in Vietnam, Bangladesh, Indonesia, and India. Unlike most of the shady apps found in Play Store malware, Kaspersky's researchers say, PhantomLance's hackers apparently smuggled in data-stealing apps with the aim of infecting only some hundreds of users; the spy campaign likely sent links to the malicious apps to those targets via phishing emails. "In this case, the attackers used Google Play as a trusted source," says Kaspersky researcher Alexey Firsh. "You can deliver a link to this app, and the victim will trust it because it's Google Play."

Kaspersky says it has tied the PhantomLance campaign to the hacker group OceanLotus, also known as APT32, widely believed to be working on behalf of the Vietnamese government. That suggests the PhantomLance campaign likely mixed spying on Vietnam's Southeast Asian neighbors with domestic surveillance of Vietnamese citizens. Security firm FireEye, for instance, has linked OceanLotus to previous operations that targeted Vietnamese dissidents and bloggers. FireEye also recently spotted the group targeting China's Ministry of Emergency Management as well as the government of the Chinese province of Wuhan, apparently searching for information related to Covid-19.

This discussion has been archived. No new comments can be posted.

  • Many things I dislike about the new iPhones, but, at least, the Apple app store is way safer than the play store.
    • Safer, yes. But still not safe. Apple has let malware into their store repeatedly. Is it really worth being locked in the garden simply because it has *less* monsters?

      • *fewer* monsters
      • Is it really worth being locked in the garden simply because it has much *less* monsters?

        ftfy. Stories about the play store having malware flourish all the time. Apple store?

      • Safer, yes. But still not safe. Apple has let malware into their store repeatedly. Is it really worth being locked in the garden simply because it has *less* monsters?

        Yeah, repeatedly. Like about a half-dozen times in what, 12 years? The Google Play Store has allowed malware in more times than that while I typed this post.

        So, in a word, "Yes". It is really worth it. And there is no restriction on Open Source software; just stuff that is Published on the iOS/iPadOS App Store. So, get yerself some XCode and a FREE Developer Account, and Compile-Away! No "Lock-In" here!

        Here's some OSS for iOS:

        http://www.freesmug.org/fossio... [freesmug.org]

        https://github.com/dkhamsing/o... [github.com]

        https://medium.myb [mybridge.co]

        • The lock-in is probably in his wallet.

        • The Google Play Store has allowed malware in more times than that while I typed this post.

          Sure. But what is NOT said, is that in the vast majority of cases where malware slips through, it comes from 'no-name' suppliers, and in relatively obscure apps. In contrast, on my smartphone I have (among others):

          * The official app from the Dutch railways.
          * An app for the #1 site used in my country for buying & selling 2nd hand items.
          * An app from the #1 site used here for checking rain forecasts.
          * Several of the most popular browsers.
          * A couple of games that have 100M+ downloads each.
          * Wh

          • Okay, but at that point, what's even the difference between the two stores? Who cares about whether it's Apple's walled garden or Google's (less) walled garden? At that point, all the supposed benefits of Google being more open are completely moot.

            The promise of BOTH the app stores was that you could get safe apps that were made by small third parties, filling in the gaps in utility on your device, giving you functionality that big companies either didn't care to or didn't know to build.

          • by Rob Y. ( 110975 )

            That was my question. It's one thing to get malware uploaded to the Play store - but how do they get their marks to actually install the stuff. Do they run ads - on Facebook, Google, wherever? Word of mouth via shady sources like QAnon? Twitter?

            I guess some people go to the Play store and search for 'show me the best app to do such-and-such'. Presumably you see the most popular and 'safest' apps when you do that, no?

    • Research by well-established researchers in the field, from Georgia Tech and elsewhere, finds that Android and iPhone are about equally safe. For example the percentage of infected phones, phones communicating with a C&C server, is the same for both platforms.

      Both platforms are significantly safer than the popular desktop OS.

      Having said that, if somebody is a fan of some product that's cool. I have no interest in fan-vs-fan battles. You do you.

      • Both platforms are significantly safer than the popular desktop OS.

        I never realized BeOS was so insecure. I'll upgrade to Haiku right away!

      • Re: (Score:3, Insightful)

        The point here is not about the security/platform in general, the point is about the apps - which of the two stores is more permeable to malicious apps? And the answer is the play store.
        • That's kinda what I thought based on things I saw in the popular press. Of course, the last three big stories about malicious Android apps were ones that were NOT in the Play store. Anyway, statistics don't really bear out the conventional wisdom on that.

          The percentage of malicious apps is pretty close - much closer than I would have guessed. The percentage of malware infections, measured on the network, is essentially identical, not statistically significant as I recall.

          Additionally, without going into t

          • by uvikal ( 6814184 )

            That's kinda what I thought based on things I saw in the popular press. Of course, the last three big stories about malicious Android apps were ones that were NOT in the Play store. Anyway, statistics don't really bear out the conventional wisdom on that.

            The percentage of malicious apps is pretty close - much closer than I would have guessed. The percentage of malware infections, measured on the network, is essentially identical, not statistically significant as I recall.

            Additionally, without going into too much detail, the mobile platforms have certain security advantages over the older desktop systems and both are actually quite safe.

            each of us had similar problems

  • And now it's signed a deal with a local devil.
  • by TheDarkMaster ( 1292526 ) on Wednesday April 29, 2020 @06:21AM (#60003422)
    In my experience with Google Play I have noticed that for every "legitimate" application (which does what it promises to do) that I am looking for, there are twenty to thirty fakes trying to impersonate the legitimate application or claiming to do the same thing. And it's important to note how ridiculously useless the Google Play search is. In each simple search it returns dozens of results that have absolutely nothing to do with what I was searching for.
  • It's not that hard to find if the malware is on a PC, why is it so hard to find if it's in an app submission?
