Introduction
Cyber threats, Attacks keep rising as days pass, but the threat actors are indeed making most of it in the form of a technique known as the “Software version management” method to dodge the Google Play Store malware detection, which targets Android users in bulk.
Are you upgrading the correct version of your installed applications?
The Threat Horizons Report by Google’s Cybersecurity Action Team (GCAT)commented on Initiatives taken on Softer version control which commonly targets the users’ credentials, such as phone contact details, financial statements, etc. The idealogy is not rocket science; it’s just software version control in a cunning way so that it’s hard to detect. In this mechanism, developers initially launch the old app version to pass the Google security checkpoints, and then it’s later updated with malware such as injecting viruses, worms, trojans, etc. This is achieved but the attacker-controlled server-to-server malicious code on the end-user device by using Dynamic Code Loading(DCL)method, which ultimately turns an application into a backdoor. Backdoors are used to bypass normal security and authentication system.
Former this year, ESET exposed Application iRecorder, which is a screen-recording application that remained non-threatening for years until it was caught spying on users over the years. This application recorded Android users’ screens, which ultimately recorded every possible thing the user did. This initially seemed like applications getting a software update, but malicious intentions were sneaky into it.
More such Apps
Similarly, Sharkbot is a financial app with a trojanising version application with malicious intent using Dynamic Code Language, which regularly showed up on Google Play Store by impersonating a security application. This application initiates with unauthorised money transfer using Automated Transfer Service.
Moreover, These petite applications come on the front foot as clean and safe, with less functionality, but once it gets deployed on victims’ devices, it eventually deploys the full version of malware unobtrusively. In the workspace milieu, Thespians can be published under several stores under different developer accounts, with few holding malicious malware threats. The other applications hold a backup to the main. Such tricks and manipulations lead to maintaining very long malicious campaigns, minimising the petite and continuing version distributing campaigns.
How to be Safe?
To alleviate any potential risks, it’s highly recommended that Android users install applications from trusted repositories and enable Google Play Protect to receive alerts and warning notifications when potentially harmful applications are found.
Benefits of using Google Play Protect to safeguard your applications and your data.
- It runs a safety check before the application is downloaded from Google Play Store.
- It runs a security patch to detect any potentially harmful device also known as malware.
- Sends warnings and alert messages to the user about harmful applications.
- It deactivates or removes harmful applications from your device.
- It sends warning messages and threat alerts on deactivating or removing applications from the users’ device that violate Google’s Software Privacy by camouflaging and masquerading other crucial credentials.
- It also sends privacy alerts to users to seek permission for their personal data.
- Resetting app permission to keep users’ data secure.
Conclusion
In conclusion, It’s highly recommended that all Android users adhere to their privacy by not deploying any random applications they come across over the internet. Every individual holds their own privacy within themselves. In this rampant, it’s truly advisable to stay updated about security news and patches. Applications hold power to your privacy, your device, and your activities in your daily life; for Kids using devices for video gaming purposes or adults implementing applications for any workspace, it has become vital to check the update on the version control device.
Reference :
https://thehackernews.com/2023/08/malicious-apps-use-sneaky-versioning.html?&web_view=true
Author: Sakshi Ankush Dhanawade Intern, Policy and Advocacy
