Google Bans 158,000 Malicious Android App Developer Accounts in 2024

Google said it blocked over 2.36 million policy-violating Android apps from being published to the Google Play app marketplace in 2024 and banned more than 158,000 bad developer accounts that attempted to publish such harmful apps.

The tech giant also noted it prevented 1.3 million apps from getting excessive or unnecessary access to sensitive user data during the time period by working with third-party app developers.

Furthermore, Google Play Protect, a security feature that's enabled by default on Android devices to flag novel threats, identified 13 million new malicious apps from outside of the official app store.

“As a result of partnering closely with developers, over 91% of app installs on the Google Play Store now use the latest protections of Android 13 or newer,” Bethel Otuteye and Khawaja Shams from the Android Security and Privacy Team, and Ron Aquino from Google Play Trust and Safety said.

In comparison, the company blocked 1.43 million and 2.28 million risky apps from being published to the Play Store in 2022 and 2023, respectively.

Google also said the developers' use of the Play Integrity API – which allows them to check if their apps have been maliciously modified or are running in potentially compromised environments – has seen 80% lower usage of their apps from unverified and untrusted sources on average.
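
An added example (not from the article or from Google) of how a backend might act on an already decoded Play Integrity verdict to turn away modified or sideloaded copies of an app. The field names follow the documented verdict format; the package name, nonce, freshness window and the helper `verdict_problems` are assumptions, and the sample verdict is constructed.

```python
import json

# Constructed sample of a decoded Play Integrity verdict (not real device data).
SAMPLE_VERDICT = json.loads("""
{
  "requestDetails": {"requestPackageName": "com.example.bank",
                     "nonce": "c2VydmVyLWlzc3VlZC1ub25jZQ",
                     "timestampMillis": "1700000000000"},
  "appIntegrity": {"appRecognitionVerdict": "UNRECOGNIZED_VERSION",
                   "packageName": "com.example.bank"},
  "deviceIntegrity": {"deviceRecognitionVerdict": ["MEETS_BASIC_INTEGRITY"]},
  "accountDetails": {"appLicensingVerdict": "UNLICENSED"}
}
""")

MAX_AGE_MS = 5 * 60 * 1000  # assumed freshness window for a verdict


def verdict_problems(verdict, expected_package, expected_nonce, now_ms):
    """Return the reasons a decoded verdict should not be trusted (empty = accept)."""
    problems = []
    req = verdict.get("requestDetails", {})
    app = verdict.get("appIntegrity", {})
    device = verdict.get("deviceIntegrity", {})
    account = verdict.get("accountDetails", {})
    # Bind the verdict to this request: right app, our nonce, recent timestamp.
    if req.get("requestPackageName") != expected_package:
        problems.append("package mismatch")
    if req.get("nonce") != expected_nonce:
        problems.append("nonce mismatch (possible replay)")
    try:
        age = now_ms - int(req.get("timestampMillis"))
    except (TypeError, ValueError):
        age = None
    if age is None or not 0 <= age <= MAX_AGE_MS:
        problems.append("stale or missing timestamp")
    # A modified or re-signed binary does not come back as PLAY_RECOGNIZED.
    if app.get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
        problems.append("app binary not recognized by Google Play")
    # Devices that fail Play's integrity checks lack MEETS_DEVICE_INTEGRITY.
    if "MEETS_DEVICE_INTEGRITY" not in device.get("deviceRecognitionVerdict", []):
        problems.append("device integrity not met")
    # UNLICENSED covers installs that did not come from Google Play (e.g. sideloaded).
    if account.get("appLicensingVerdict") != "LICENSED":
        problems.append("not installed from Google Play")
    return problems
```

The function assumes the integrity token has already been decrypted and verified server-side; it only decides what to do with the resulting verdict.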

In addition, the company's efforts to automatically block sideloading of potentially unsafe apps in markets like Brazil, Hong Kong, India, Kenya, Nigeria, Philippines, Singapore, South Africa, Thailand, and Vietnam have secured 10 million devices from at least 36 million risky installation attempts, spanning over 200,000 unique apps.

Complementing these initiatives, Google this week announced it's introducing a new “Verified” badge for consumer-facing VPN apps that have successfully completed a Mobile Application Security Assessment (MASA) audit. Google originally unveiled this plan in November 2023.

“This new badge is designed to highlight apps that prioritize user privacy and safety, help users make more informed choices about the VPN apps they use, and build confidence in the apps they ultimately download,” it said.

If anything, the findings show that protecting the Android and Google Play ecosystem is a continuous effort, as new malware strains continue to find their way to mobile devices.

The latest example is Tria Stealer, which has been found primarily targeting Android users in Malaysia and Brunei. The campaign is believed to be ongoing since at least March 2024.

Distributed via personal and group chats in Telegram and WhatsApp in the form of APK files, the malicious apps request sensitive permissions that enable the harvesting of a wide range of data from apps like Gmail, Google Messages, Microsoft Outlook, Samsung Messages, WhatsApp, WhatsApp Business, and Yahoo! Mail.

There is some evidence to suggest that the malware is the work of an Indonesian-speaking threat actor, owing to the presence of artifacts written in the Indonesian language and the naming convention of the Telegram bots used for hosting command-and-control (C2) servers.

“Tria Stealer collects victims’ SMS data, tracks call logs, messages (for example, from WhatsApp and WhatsApp Business), and email data (for example, Gmail and Outlook mailboxes),” Kaspersky said. “Tria Stealer exfiltrates the data by sending it to various Telegram bots using the Telegram API for communication.”

The stolen information is then used to hijack personal messaging accounts such as WhatsApp and Telegram, and impersonate victims in an effort to request money transfers from their contacts to bank accounts under their control, and further perpetuate the scam by distributing the malware-laced APK file to all their family and friends.

The fact that Tria Stealer is also able to extract SMS messages indicates that the operators could also use the malware to steal one-time passwords (OTPs), potentially granting them access to various online services, including banking accounts.

Kaspersky said the campaign exhibits some similarities with another activity cluster that distributed a piece of malware dubbed UdangaSteal in 2023 and early 2024 targeting Indonesian and Indian victims using wedding invitation, package delivery, and customer support lures. However, there is no evidence at this stage to tie the two malware families to the same threat actor.
