6.5 C
New York
Thursday, October 28, 2021

Google removes 1,700 ‘apps’ from Play Store from the Joker family of malware

Must Read

This antidepressant reduces the risk of prolonged hospitalization due to Covid-19

A study published in "The Lancet" shows that fluvoxamine is effective in treating high-risk patients with Covid-19...

COVID-19 patients are at higher risk of malnutrition (more than 82%) after hospital discharge

Preliminary data from the NutriCovid trial reveal that SARS CoV2 infection has a significant influence on the...

Afghanistan’s renewed terrorist threat cannot be separated from America’s chaotic withdrawal – Opinion

It is one thing to know that you cannot win a war and quite another to stage...
Kamal Saini
Kamal S. has been Journalist and Writer for Business, Hardware and Gadgets at Revyuh.com since 2018. He deals with B2b, Funding, Blockchain, Law, IT security, privacy, surveillance, digital self-defense and network policy. As part of his studies of political science, sociology and law, he researched the impact of technology on human coexistence. Email: kamal (at) revyuh (dot) com

Google Play Protect has removed 1,700 unique applications from the Bread malware family in the Play Store before users downloaded them

Google Play Protect has removed 1,700 unique applications from the Joker family of malware in the Play Store, before users downloaded them, a threat that the company has been following since 2017 and is dedicated to defrauding users through sending of SMS messages and payments by WAP.

Joker is a family of ‘malware’, also known as Bread, which addresses the user’s mobile bill. Google first identified it at the beginning of 2017 and since then it has battled infected applications, which always seemed to find a gap in its policies to go unnoticed in the company’s ‘market’, Google Play Store.

However, the digital store’s defence systems have removed 1,700 unique apps with the Bread malicious program before they were downloaded by users. In September, the Larry Page company also removed 24 infected applications, which together had reached more than 500,000 downloads in the Play Store.

Applications infected with this family of ‘malware’ carried out fraud through SMS at its source, but later began to attack payments by WAP (wireless application protocol), as reported by members of the security and privacy team on Android Alec Guertin and Vadim Kotov in a post on their official security blog.

In any case, these are two techniques that take advantage of the integration of telephone operators with vendors, to facilitate the payment of services with the mobile bill. Both request verification of the device, but not of the user. “The operator can determine that the request originates from the user’s device, but does not require any user interaction that cannot be automated,” they say from Google. Thus, the creators of this ‘malware’ “use injected clicks, custom HTML parsers and SMS receivers to automate the payment process without requiring any user interaction.”

“As Play Store has introduced new policies and Google Play Protect has expanded the defences, Bread applications have been forced to go looking for new gaps. At some point, they have come to use all the concealment techniques that exist to not be detected. Many of the samples found seem to be specifically designed to try to enter the Play Store without being detected,” the experts explained, before adding that the company has defended itself from an attacker whom it considers “persistent and well organized.”

- Advertisement -
- Advertisement -

Latest News

- Advertisement -

More Articles Like This

- Advertisement -