Google is taking increasingly sophisticated steps to keep malware off Google Play. But a new round of removals, which involves about 200 applications and more than 10 million potential victims, shows that this long-standing problem is still unresolved and in this case potentially cost users hundreds of millions of dollars, writes Wired.
Researchers from the mobile security company Zimperium say that Android has been plagued by a fraud campaign dating from November 2020. As is often the case, the attackers managed to slip benign-looking applications such as Handy Translator Pro, Heart Rate and Pulse Tracker and Bus-Metrolis 2021 into Google Play, even though they are just fronts for malware. After downloading one of the malicious applications, the victim receives a huge number of notifications, five per hour, prompting them to confirm their phone number to receive a reward.
The “reward” page is loaded through the in-app browser, which is a common technique for keeping malicious indicators out of the application code itself. Once the user entered the number, the attackers signed them up for a monthly subscription of $42 through the premium SMS service feature. This is a mechanism that usually lets you pay for digital services or send money to charity via text message. In this case, the money goes directly to the fraudsters.
These techniques are common in malicious applications, and premium SMS scams are a particularly persistent problem. But researchers say it is significant that the attackers were able to combine these known approaches effectively and in incredible numbers, despite Google constantly improving Android security and Play Store defenses.
“This is an impressive scope in terms of coverage. They throw a whole range of techniques across all categories and these methods are refined and proven. They use the method of comprehensive bombing when it comes to the number of applications. One may be successful, the other may not work, but that is enough for them,” said Richard Melik of Zimperium.
The operation targeted Android users in more than 70 countries and specifically checked their IP addresses to determine their geographical area. The apps then displayed web pages in the primary language of that location to make the experience more engaging. The malware operators took care not to reuse URLs, making them difficult to track. The content generated by the attackers was also of high quality, with none of the spelling or grammatical errors that would indicate fraud, Wired said.