Posted on February 24, 2020 at 6:09 PM
Security researchers at Check Point have discovered two different hacker types, Haken and Joker, on Google Play Store.
According to a blog post by researchers Aviran Hazum, Bogdan Melnykov, and Ohad Mana, the hackers continue to change their form in order to avoid Google’s security system.
The post also revealed that the hackers developed the spyware to avoid being picked by US or Canadian users. The malware makes use of geolocation data to find out premium services allocated to a device within a geographical location.
“With access to the notification listener, and the ability to send SMS, the payload listens for incoming SMS and extract the premium service confirmation code (2FA) and sends it to the “Offer Page”, to subscribe the user to that premium service,” the researchers said.
Similarly, the researchers pointed out that there is new clicker spyware known as “Hacker” that has been discovered in eight apps on the Google Play Store. It mimics the user and clicks on ads on behalf of the user.
According to the researchers, “This campaign has just begun its path in Google Play. With eight malicious applications and over 50,000 downloads, the clicker aims to get a hold of as many devices as possible to generate illegitimate profit,”
The hackers have managed to stay under the radar with the use of backdoored applications and native-code.
“With the usage of native-code, code injection into Ad-SDKs, and backdoored applications from the official store, Haken has shown clicking capabilities while staying under the radar of Google Play. Even with a relatively low download count of 50,000+, this campaign has shown the ability that malicious actors have to generate revenue from fraudulent advertising campaigns,” the researchers said.
Mobile app developers should strengthen their security
Senior production manager at OneSpan, Sam Baken, said that mobile app developers have a big role to play here. He pointed out that they should provide more security for their mobile app to prevent the unauthorized use of their apps.
He told media outlet MC Media UK
“Not only is it hard to find and retain Android and iOS development talent, but mobile app security experts or mobile developers with security knowledge are also even fewer and farther between. But, that challenge doesn’t matter to consumers.“
Similarly, chief executive of Upstream, Dimitris Mariatis, said that although consumers are safe when they download the app directly from Google’s official app store, unscrupulous apps are still scaling through their security systems.
“Fraudsters appear to target some app categories more than others. Ironically, apps designed to make a device function better and make everyday life easier are the ones most likely to be harmful with 22.32 percent of malicious apps for 2019 falling under the Tools / Personalisation / Productivity category globally.“
In a recent blog post, InMobi revealed that last year alone, marketers lost close to £10 billion in fraud related to app download and installation.
Some of the most common mobile app fraud include invalid traffic, click flooding, faked installs, SDK spoofing, click injection, as well as click spam. He said this app fraud is still the main problem of digital advertising this year. According to him, “It is more than an invisible threat, it is an epidemic.” The nature of the attack means that it will be difficult to easily detect because of hidden nature the hackers have kept the spyware.
He has called for improved mobile security if the digital advertisers are going to arrest this current situation. Maniatis stated that “if the situation is left unchecked, ad fraud will choke mobile advertising, erode trust in operators and lead to higher tariffs for users.”