New malware puts at risk millions of Android devices

Hexamob 05/27/2017

A new malware hides within Google Play Store apps: once downloaded, it makes clicks on advertising campaigns. A group of researchers from the Georgia Institute of Technology discovered a malware that can infect any Android device, including Android 7.1.2 Nougat.

Android Malware: Judy

Well, indeed there are two new malwares, so bad news on the security front. The first, called Judy, has been discovered by Check Point Technologies, a well-known cybersecurity company. According to it, the Google Play Store has once again come to the hacker view. The digital Android market would have been surrounded, in fact, by a swarm of malware.

As has happened other times, malicious code has stayed undisturbed in the Android app store, hiding within some seemingly innocuous applications. In the specific case, Judy was tracked on 41 apps developed by a Korean company, some of which are available in the Play Store.

This is an adware, that is, a form of malware that aims to generate click in ads. And judging from how many times apps invaded by malware have been downloaded, the system has allowed cybercriminals to gain profitable earnings.

Android Malware: Cloak and Dagger

New malware puts at risk millions of Android devices 1

Cyber security researchers have also discovered a new multipurpose malware called Cloak and Dagger, which is capable of hitting any Android device, from older versions to 7.1.2 Nougat.

The virus, as it is structured, allows cyber criminals to access smartphones or devices with Android operating system without the victim noticing it. Once infected, Cloak and Dagger starts stealing private data, including bank accounts, conversations, device PINs, online passwords, and phone contacts. In practice, the hacker starts stealing any information without the user being able to defend himself. The interesting thing is that malware does not exploit vulnerabilities in the Android system. Instead, use the permissions granted by most used apps to have full access to the device.

Google Play Store in trouble

Check Point also found the same malware in some applications developed by another company. It is unclear whether there is any form of tacit connection between the two situations. In this new malware campaign, apps infected by the adware have been downloaded, according to Check Point, between 4 and 18 million times. This means that, overall, the number of users affected by Judy could be very high: between 8 and 36 million. If you add this number to the number of users affected by Cloak and Dagger, the thing is even worst.

The fact that the virus exploits legitimate permissions makes it easier for hackers to create apparently malicious applications for what they really are. This is still a low-security hit for the Google Play Store, and the company will have to work hard in the future to secure this system that has only reported several instances of attacks in recent months. The phenomenon of malicious apps in the Play Store is growing steadily. Last month, a long series of video applications were discovered that actually contained trojans to steal user bank data. Even then, cyber criminals have exploited the legitimate permissions.