
Google, for the second time this month, has removed malicious apps from Google Play that could have laid the groundwork for an attacker to root infected devices.

A researcher with Kaspersky Lab on Tuesday described how attackers managed to evade the protections put in place by Google Play’s VerifyApps malware scanner in order to sneak malware onto unsuspecting users’ devices.

Earlier this month Google removed a rooting Trojan, Dvmap, from Google Play that was disguised as a puzzle game.

The two apps that Google removed more recently, Magic Browser and Noise Detector, were vehicles for the Ztorg Trojan, Kaspersky claims. Once installed, either app could have rooted an Android device and injected malicious code into the infected device’s system.

The more successful of the two apps, Magic Browser, mimicked Google’s Chrome browser. It was installed 50,000 times after it was uploaded on May 15, but was never updated, according to Roman Unuchek, a senior malware analyst and Android malware specialist with Kaspersky Lab who discovered the apps.

The other app, Noise Detector, claimed to measure noise levels in decibels. It was uploaded on May 20 and downloaded more than 10,000 times before Google deleted it from the Play marketplace. Unuchek said it appeared the app’s original intent was to execute a rooting version of the Ztorg Trojan: it carried an encrypted Ztorg module, but it was not able to decrypt it. Instead, it appears the attackers bided their time, updating the app on and off with clean, then malicious, content. That likely afforded the attackers the option to make money via Ztorg’s SMS functionality before actually rooting the devices. Unuchek says that if the app had not been removed from Play, publishing the rooting malware likely would have been the attackers’ next step.
