New multi-stage malware detected on Google Play
Google has removed all eight apps from the store, and researchers point out that the removed apps had only a few hundred downloads apiece, so this wasn't as large a spread as some of the earlier malware outbreaks we've reported on. ESET notes that this malware family's anti-detection features are probably the most interesting part of the story.
Once the apps have been downloaded and installed, they don't request suspicious permissions, and the app even behaves as the user would expect. Instead, the app decrypts and executes several different payloads in a kind of Russian nesting doll code execution, in an effort to obfuscate the malware's true purpose. Check out this basic outline of how the malware gets unaware users to install a truly malicious app while bypassing Google's security checks.
Researchers note that the app that's downloaded and executed by the second-stage payload is often disguised as a well-known product like Adobe Flash Player or simply "Android Update." Once this app gets all the permissions it needs to install the fourth payload, researchers found a banking trojan that attempts to phish usernames and passwords.