Infected Android applications

Infected Android applications

In today’s post, I would like to draw attention to the threats associated with mobile devices because we must remember that our data can be compromised not only through clicking on a link in an email and logging in or downloading an installer on a computer,

Mobile phones, which everyone has nowadays, are also vulnerable to attacks.

Recently, an article from the McAfee Mobile Research Team highlighted several applications available on the Google Play Store that were infected with the Android/Xamalicious virus.

According to the research team, the application attempts to persuade users to grant specific permissions after installation. Subsequently, it communicates with a command and control server to download additional files and execute them on the device, aiming to take control and perform various actions on behalf of the user. An example screen for granting permissions looks like the one below.

source: https://www.mcafee.com

Based on the article, the highest download activity for these applications was observed in the USA, Brazil, and Argentina. In Europe, particularly in the United Kingdom, Spain, and Germany, there was significant activity as well. Downloads were also reported in Poland.

Below is the full list of applications that the McAfee researchers were able to identify.

source: https://www.mcafee.com

The threat arises from the fact that applications written in languages other than Java, using frameworks such as Xamarin, Flutter, or React, have an additional layer that allows malicious software to be concealed within the application.

So how can one protect themselves from such cases?

It would be advisable not to install applications thoughtlessly but to pay attention to the permissions they request. For example, it seems obvious that a calculator shouldn’t need access to the camera or SMS functionality.

Komentarze

Nie ma jeszcze komentarzy. Może zaczniesz dyskusję?

Dodaj komentarz

Twój adres e-mail nie zostanie opublikowany. Wymagane pola są oznaczone *