[ad_1]
May 3, 2020
The Kaspersky Lab security team detected new cases of malware that have circulated for years in the Google Play Store with certain Android applications that are particularly popular with users of Huawei, Xiaomi and Samsung. The research was reported by Ars Technica and reveals the goals of this malware in more detail with the various reasons for its attached creation. What Kaspersky Lab security experts have discovered is in detail what they intended to do for a long time as an integral part of the Play Store.
Its main objective was to reach users’ personal information and their presence was already identified in the Play Store in 2018. Therefore, we are talking about Android applications made specifically to access user data. The main problem is that their activities have been recorded since at least 2016. This means that for two years they have been able to do their dirty work safely without being noticed. What everyone is wondering is how it was possible that this malware managed to act without interruptions all this time, without being noticed by Google’s security filters.
Structure that was used to compose these malware
The answer lies in the type of structure that was used to compose these malware and is more detailed on two levels. The first level takes advantage of running the front version of the malware. No personal data is collected there, but only the operating system and installed Android applications are identified. However, in case any interesting application or service is detected to be exploited, the second level comes into play. In this case, the machine is activated for which personal data such as email addresses, identifiers, movements are stolen.
The 8 Android apps to be removed from Huawei, Samsung and Xiaomi smartphones
When it came to the approval request for publication on the Play Store, the second level of malware was clearly inactive. The same situation for the access permissions requested by the user: these are evident only during the use of the application, and not at the first start. These are tricks that have allowed a fairly long lifespan of these malware within the Play Store.
Thanks to Kaspersky Lab’s security work, Google has now managed to remove them from its store, but the problem is that the other third-party application stores have not yet done so. Apparently, behind the development of this malware, there would be a group, called OceanLotus, that would attack Asian governments, dissidents, journalists and in particular those with adverse interests in Vietnam. And here are the Android applications with malware revealed by Kaspersky Lab, which will be removed today May 3 from Huawei, Samsung and Xiaomi smartphones:
- com.zimice.browserturbo 2019-11-06
- com.physlane.opengl 2019-07-10
- com.unianin.adsskipper 2018-12-26
- com.codedexon.prayerbook 2018-08-20
- com.luxury.BeerAddress 2018-08-20
- com.luxury.BiFinBall 2018-08-20
- com.zonjob.browsercleaner 2018-08-20
- com.linevialab.ffont 2018-08-20
Origin: 8 Android apps for Huawei, Samsung and Xiaomi steal all data: full list from May 2020
[+] Videos de nuestro canal de YouTube
