Showing posts with label Android Malware. Show all posts
Showing posts with label Android Malware. Show all posts

Monday, 11 February 2019

First Clipper Malware Discovered on Google Play

Clipper malware
Android/Clipper.C impersonating MetaMask on Google Play
Clippper malware was discovered on Google Play, the official Android app store. This malicious malware was discovered in Feb 2019.

What is the clipper malware? 


Addresses of the online cryptocurrency wallets have a long string of characters that includes alphabets and numbers.These addresses are basically long for security reasons. The users generally copy and paste the addresses using the clipboard instead of taking the trouble to type them out.

The people who steal the cryptocurrency, take advantage of this lapse and replace the wallet address in the clipboard. This is the clipper malware.

The attacker intercepts the address on the clipboard and changes it to the address belonging to him.
The user then ends up with the wallet address that has been switched by the attacker.

Though the clipper malware is relatively new, where the cryptocurrency stealers alter the address, it is considered an established malware.

The origins of clipper malware


The clipper malware was first discovered in 2017 on the Windows platform.

Later it was noticed in the shady Android app stores in the summer of 2018.

In August 2018, the first Android clipper malware was discovered. It is sold on underground hacking forums and subsequently seen in shady Android app stores.

The clipper malware was also hosted on download.cnet.com. This is one of the most popular software hosting sites. This malware was discovered by ESET researchers.

In February 2019, the malware was found on Google Play, which is the official Android app store.

How does the clipper malware function? 


The clipper malware was detected on the Google Play store. This malicious malware was found out by ESET security solutions. The malware, Android/Clipper.C, impersonates a genuine service known as MetaMask.

The clipper malware basically steals the user’s credentials and private keys in order to access the user’s Ethereum funds. This malware can also change the Bitcoin or Ethereum wallet address of the user and replace it with the address of the hacker. The wallet address of the user is replaced by the wallet address of the hacker using the clipboard.

When and how was the clipper malware discovered? 


On 1st Feb 2019, the ESET security solutions discovered the clipper malware, Android/Clipper.C on Google Play, the official Android app store. This was then intimated to the Google Play security team. They immediately removed the app from the Store.

This hacking targets the users who make use of the mobile version of the MetaMask service. The MetaMask service runs Ethereum decentralized apps in the browser without any need of running a complete Ethereum node.

Currently, the MetaMask service is not offering the mobile app. They are available as add-ons for desktop browsers like Chrome and Firefox.

Previously too, malicious apps were discovered on Google Play impersonating MetaMask in order to access the victim’s cryptocurrency funds.

Security measures against clipper malware


Users should update their Android devices and use reliable mobile security solution.

Download apps from the official Google Play store.

For any Google Play search, stick to the official website of the app developer or service provider for the link to the official app.

For any sensitive transactions involving information or money, double check every step.

Monday, 13 November 2017

BankBot Android Malware Sneaks into the Google Play Store

BankBot: Google’s little Sneak

A malware known for stealing people’s bank details by posing as a legitimate bank’s web page has struck hundreds of users yet again.

The malware was spotted on the Google play store in April of this year, with a recurrence in September and then finally it has come around again in November. Each of these times the Bank Bot nuisance has been removed by the Google team.

What essentially is BankBot?

BankBot is malware that first made its appearance in the Google Play store in April of this year. Posing as a legitimate app it fools users into downloading it. BankBot then asks for permission to SMS, bank and other details, all the while appearing to be a legitimate process of downloading the app.

Finally BankBot poses as a bank page when any payment has to be made. This bank page appears as an overlay to the actual one. BankBot even has access to an individual’s SMS app to take care of dual authentication processes which is required for some banks.

Why was it so easy for users to get fooled?


Users of Google’s Play store downloaded a seemingly genuine app known as Crypto Currency Market Prices. This app appears to be the front of the malware. Having a proper appearance and containing all the details it promised to have, it was very easy for users to get fooled by the app.

By having a working app, users were easily taken in by its appearance to doubt any foul practice. Had it been an app which appeared to be full of spam or one that didn’t work well or could not be opened, it would have given users an idea of what the app really was about.

The second point to note was that the malware was removed twice by the Google team with the security protocols being renewed and updated and in spite of all this BankBot found its way back into the system.

Updates to BankBot:

Since its first appearance in April, the BankBot malware has under gone a series of updates. These updates include code obfusication and the ability to bypass Android’s accessibility services.

This coupled with the fact that it was able to penetrate Google’s security protocol is an added way in which the malware has developed over the span of 7 months.

Users affected by BankBot:

The crypto currency app containing the malware was removed from the Google Play store but not before hundreds of users downloaded it to their mobile devices.

As far as Google is concerned, its 1.4 million were safe from the attack. It is unsure how many users were affected when the malware first arrived on the scene in April of this year.

Google Play store is full of apps that can cause serious damage to an individual’s device or in this case to their bank account. It is therefore important to keep an eye out on what you’re downloading. This is not the first time Google has become embroiled in the malware found on its Play store, recently there was news that a fake Whatsapp app was doing the rounds on the Google Play store.