Google blocks 1.43 million malicious apps and bans 173,000 malicious accounts in 2022

May 01, 2023 | Ravie Lakshmanan | Mobile security / Android


Google revealed that its enhanced security features and app review processes helped it prevent 1.43 million malicious apps from being released on the Play Store in 2022.

Additionally, the company said it banned 173,000 malicious accounts and warded off more than $2 billion in fraudulent and abusive transactions with developer-facing features like the Voided Purchases API, Obfuscated Account ID, and Play Integrity API.

The addition of identity verification methods such as phone number and email address to join Google Play has contributed to a reduction in accounts used to publish apps that go against its policies, Google underlined.

The search giant further stated that it “prevented approximately 500,000 submitted apps from unnecessarily accessing sensitive permissions over the past 3 years.”

“In 2022, the Application Security Improvement Program helped developers fix ~500,000 security weaknesses affecting approximately 300,000 applications with a combined install base of approximately 250 billion installs,” it noted.


By contrast, Google blocked 1.2 million non-compliant apps from publishing and banned 190,000 malicious accounts in 2021.

The development comes weeks after Google adopted a new data deletion policy that requires app developers to offer an “easily discoverable option” to users both inside an app and outside of it.

Despite these efforts by Google, cybercriminals continue to find ways to bypass app store security protections and release malicious apps and adware.

For example, McAfee’s mobile research team uncovered 38 games posing as Minecraft that have been installed by as many as 35 million users worldwide, mostly located in the United States, Canada, South Korea and Brazil.


These gaming apps, while delivering the promised features, were found to embed HiddenAds malware that stealthily loads advertisements in the background to generate illicit revenue for its operators.

Some of the most downloaded apps are as follows –

  • Block Box Master Diamond (com.good.robo.game.builder.craft.block)
  • Craft Sword Mini Fun (com.craft.world.fairy.fun.everyday.block)
  • Skyland Sword Block Box (com.skyland.pet.realm.block.rain.craft)
  • Craft Crazy Monster Sword (com.skyland.fun.block.game.monster.craft)
  • Block Pro Forrest Diamond (com.monster.craft.block.fun.robo.fairy)

“One of the most accessible content for young people using mobile devices is games,” McAfee said. “Malware authors are also aware of this and try to hide their malicious functionality in games.”

Complicating the issue is the rise of Android banking malware that can be weaponized by threat actors to gain access to victims’ devices and collect personal information.

Another emerging trend is the use of linking services to trojanize legitimate apps and conceal a malicious APK payload. This technique has been adopted by bad actors to distribute an Android botnet dubbed DAAM, Cyble said.


The malware, once installed, establishes connections with a remote server to perform a wide range of nefarious actions, including acting like ransomware by encrypting files stored in devices using a password retrieved from the server.

DAAM also abuses Android’s accessibility services to monitor user activity, allowing it to log keystrokes, record VoIP calls from instant messaging apps, collect browser history files, call logs, photos, screenshots and SMS messages, execute arbitrary code and open phishing URLs.

“Malware writers often leverage genuine applications to distribute malicious code to avoid suspicion,” the cybersecurity firm said in an analysis published last month.


The findings also follow an advisory from CloudSEK, which found that several popular Android apps such as Canva, LinkedIn, Strava, Telegram, and WhatsApp do not invalidate or revalidate session cookies after transferring app data from one device to another.

Although this attack scenario requires an adversary to have physical access to a target’s phone, it could allow account takeover and grant an adversary unauthorized access to confidential data.
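What invalidating or revalidating a session after a device transfer can look like on the server side, as an added example that is not code from the article, CloudSEK or any of the named apps. The names SessionStore and device_proof are hypothetical, and the HMAC secret stands in for a hardware-backed, non-exportable device key that is assumed not to travel with transferred app data.

```python
import hashlib
import hmac
import secrets


class SessionStore:
    """Server-side sessions bound to a per-device key (hypothetical design)."""

    def __init__(self):
        self._sessions = {}  # cookie -> {"user", "device_key", "nonce"}

    def login(self, user, device_key):
        # Assumption: device_key is registered at login and never leaves the phone.
        cookie = secrets.token_urlsafe(32)
        self._sessions[cookie] = {"user": user, "device_key": device_key, "nonce": None}
        return cookie

    def challenge(self, cookie):
        # Fresh nonce per request so a captured proof cannot be replayed.
        session = self._sessions.get(cookie)
        if session is None:
            return None
        session["nonce"] = secrets.token_bytes(16)
        return session["nonce"]

    def authorize(self, cookie, proof):
        session = self._sessions.get(cookie)
        if session is None or session["nonce"] is None:
            return None
        expected = hmac.new(session["device_key"], session["nonce"], hashlib.sha256).digest()
        session["nonce"] = None  # single use
        if not hmac.compare_digest(expected, proof):
            # Cookie arrived without the original device's key: treat it as
            # transferred or copied, revoke it and require a fresh login.
            del self._sessions[cookie]
            return None
        return session["user"]


def device_proof(device_key, nonce):
    # Client side: prove possession of the device key for this nonce.
    return hmac.new(device_key, nonce, hashlib.sha256).digest()


def demo():
    store = SessionStore()
    phone_a = secrets.token_bytes(32)  # constructed sample key, original phone
    phone_b = secrets.token_bytes(32)  # constructed sample key, phone holding copied data
    cookie = store.login("alice", phone_a)
    original = store.authorize(cookie, device_proof(phone_a, store.challenge(cookie)))
    copied = store.authorize(cookie, device_proof(phone_b, store.challenge(cookie)))
    return original, copied, store.challenge(cookie)  # ("alice", None, None)
```

A production design would register a public key and verify a signature instead of sharing an HMAC secret with the server.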

To mitigate these threats, it is advisable to enable two-factor authentication (2FA) to add an extra layer of account protection, review app permissions, secure devices with a password, and avoid leaving them unattended in public places.
