Security researchers at ESET have released a report on a brand new kind of malware found on the Google Play Store that appears to use a sophisticated technique for flying under the radar to avoid detection. The malware in question was dubbed Android/TrojanDropper.Agent.BKY, and eight apps containing the malicious code have been found in the Google Play Store.

Google has removed all eight apps from the store, and researchers point out that the removed apps had only a few hundred downloads apiece, so this wasn’t as large a spread as some of the earlier malware invasions we’ve reported on. ESET notes that this malware family’s specific anti-detection features are probably the most interesting part of the story.

Once the apps have been downloaded and installed, they don’t request suspicious permissions, and the app even behaves as the user would expect. In the background, the app decrypts and executes several different payloads in a kind of Russian nesting doll code execution, in an effort to obfuscate the malware’s true function. Check out this basic outline of how the malware gets unaware users to install a truly malicious app while bypassing Google’s security checks.

Researchers note that the app that’s downloaded and executed by the second-stage payload is often disguised as a widely known product like Adobe Flash Player or simply “Android Update.” Once this app gets all the permissions it needs, it installs the fourth payload, which researchers found to be a banking trojan that attempts to phish usernames and passwords.

 

