How does malware penetrate Google Play? Google responds


In this method, hackers bypass Google Play’s security controls by publishing different versions of seemingly legitimate apps and using them to deliver their malware.

Google’s security team has explained a common tactic called versioning, through which hackers can bypass Google Play’s review and security controls and inject malware into users’ Android devices.

In this technique, hackers spread malware either through updates to pre-installed programs or by downloading malicious code from servers under their control. Google explains:

“One of the ways hackers try to bypass Google Play’s security controls is versioning. Versioning occurs when a developer has released an early version of an app on Google Play that appears legitimate and has been verified by our reviews. But then it receives an update from a third-party server that modifies the code on the end-user’s device and enables its malicious activities.”


Google further points out that apps that engage in such activities violate Google Play’s deceptive behavior policy and can be labeled as backdoors.

According to current Google Play guidelines, apps published through the service cannot modify, replace, or update themselves using any method other than the official update mechanism provided by Google. These apps are also prohibited from downloading executable code (such as dex, JAR, or .so files) from external sources.
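A defender's check for the behaviour this policy prohibits, as an added example that is not from Google or the original article: it compares a snapshot of an app's private storage against the reviewed APK and flags dex, JAR/zip or ELF content that was not shipped in it. The file names, sample bytes and function names are constructed for illustration.

```python
import hashlib
import io
import zipfile

# Magic bytes of the executable formats named in the policy (dex, JAR, .so).
MAGIC = {b"dex\n": "dex", b"PK\x03\x04": "jar/zip", b"\x7fELF": "so/ELF"}

def classify(data):
    """Identify executable content by magic bytes, ignoring the file name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None

def shipped_hashes(apk_bytes):
    """SHA-256 of every entry in the APK that passed store review."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        return {hashlib.sha256(apk.read(n)).hexdigest() for n in apk.namelist()}

def find_unreviewed_code(apk_bytes, app_files):
    """Return (path, kind) for executable files that were not in the APK."""
    known = shipped_hashes(apk_bytes)
    return [(path, classify(data))
            for path, data in sorted(app_files.items())
            if classify(data) and hashlib.sha256(data).hexdigest() not in known]

def build_sample():
    """Constructed sample: a tiny fake APK and a snapshot of app storage."""
    dex = b"dex\n035\x00" + b"\x00" * 32   # stand-in for classes.dex
    lib = b"\x7fELF" + b"\x01" * 32        # stand-in for libapp.so
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("classes.dex", dex)
        apk.writestr("lib/arm64-v8a/libapp.so", lib)
    app_files = {
        "lib/libapp.so": lib,                                # same bytes as in the APK
        "files/settings.json": b'{"theme": "dark"}',         # plain data
        "cache/update.dat": b"dex\n035\x00" + b"\x02" * 32,  # dex content, .dat name
        "files/banner.png": b"\x7fELF" + b"\x03" * 32,       # ELF content, .png name
    }
    return buf.getvalue(), app_files

if __name__ == "__main__":
    apk_bytes, app_files = build_sample()
    for path, kind in find_unreviewed_code(apk_bytes, app_files):
        print(f"unreviewed executable: {path} ({kind})")
```

On a real device the snapshot would come from a forensic pull of the app's data directory, and runtime-generated ART artifacts such as odex files would need an allowlist.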

Malware that uses this technique in Google Play


Google also points to a specific type of malware called SharkBot, which was first discovered in 2021 by Cleafy’s intelligence team, and uses the same technique. SharkBot is a banking malware that, after infiltrating Android devices, conducts unauthorized money transfers through the Automated Transfer Service (ATS) protocol.

The hackers responsible for SharkBot use the strategy of releasing versions with limited functionality on Google Play to hide the dubious nature of their apps. However, when users download the trojan version of the program, they receive the full version of the malware.
