Friday, June 25, 2021

Google removes 1,700 ‘apps’ from Play Store from the Joker family of malware


Kamal Saini
Kamal S. has been Journalist and Writer for Business, Hardware and Gadgets at Revyuh.com since 2018. He deals with B2b, Funding, Blockchain, Law, IT security, privacy, surveillance, digital self-defense and network policy. As part of his studies of political science, sociology and law, he researched the impact of technology on human coexistence. Email: kamal (at) revyuh (dot) com

Google Play Protect has removed 1,700 unique applications from the Bread malware family in the Play Store before users downloaded them

Google Play Protect has removed 1,700 unique applications belonging to the Joker family of malware from the Play Store before users downloaded them. The company has been tracking this threat since 2017; it defrauds users by sending SMS messages and making payments by WAP.

Joker is a family of ‘malware’, also known as Bread, which targets the user’s mobile bill. Google first identified it at the beginning of 2017 and has since battled infected applications, which always seemed to find a gap in its policies and go unnoticed in the company’s ‘market’, the Google Play Store.

However, the digital store’s defence systems have removed 1,700 unique apps carrying the Bread malware before they were downloaded by users. In September, the Larry Page company also removed 24 infected applications, which together had reached more than 500,000 downloads in the Play Store.

Applications infected with this family of ‘malware’ originally carried out fraud through SMS, but later began to target payments by WAP (wireless application protocol), as reported by Alec Guertin and Vadim Kotov, members of the Android security and privacy team, in a post on the official security blog.

In both cases, the techniques take advantage of the integration between telephone operators and vendors that lets users pay for services through their mobile bill. Both require verification of the device, but not of the user. “The operator can determine that the request originates from the user’s device, but does not require any user interaction that cannot be automated,” Google says. Thus, the creators of this ‘malware’ “use injected clicks, custom HTML parsers and SMS receivers to automate the payment process without requiring any user interaction.”

“As Play Store has introduced new policies and Google Play Protect has expanded the defences, Bread applications have been forced to go looking for new gaps. At some point, they have come to use all the concealment techniques that exist to not be detected. Many of the samples found seem to be specifically designed to try to enter the Play Store without being detected,” the experts explained, before adding that the company has defended itself from an attacker whom it considers “persistent and well organized.”
