Serious Money-Stealing Malware Uses the Google Play Store To Perform Its Attacks
ESET has revealed that a new wave of Android banking Trojans, specialised in stealing account credentials, has managed to re-enter the Google Play Store armed with new methods and techniques, after the company warned about the seriousness of this malware at the beginning of this year.

The information security company said that the malware, known as “BankBot”, has continued to evolve during the current year, appearing in different forms and versions both inside and outside the Google Play Store.

The Slovak company added that the new variant, discovered in the store on 4 September, is the first to successfully combine the latest steps in BankBot’s development: improved encryption of its code, a more refined payload-dropping mechanism, and a cunning infection technique that abuses the Accessibility Service of the Android operating system.

According to ESET, abuse of Android’s Accessibility Service by a number of Trojans has mostly been recorded outside the Google Play Store. Recent analyses by SfyLabs and Zscaler confirmed that the attackers behind BankBot had succeeded in uploading an app that abuses the Accessibility Service to Google Play, but without the malicious banking payload included.

The solution to this mystery is that the malicious payload managed to sneak into the Google Play Store inside a game called “Jewels Star Classic”. (Note that the attackers abused the name of the legitimate and popular “Jewels Star” game series, developed by ITREEGAMER, which has no connection to this malicious campaign.)

The company said it had informed Google’s security team about the malicious app, which was downloaded by about 5,000 users before the store removed it.

How does this malware work?

The company explained that when a user downloads the game “Jewels Star Classic”, published under the developer name “GameDevTony”, they get a working Android game. Hidden alongside it, however, are the malicious payload, which the attacker can launch from inside the game, and a malicious service that activates after a preset delay.

The malicious service runs 20 minutes after the first launch of “Jewels Star Classic”. The infected device then displays an alert prompting the user to enable a service called “Google Service” (note: the alert appears regardless of what the user is currently doing, and with no apparent connection to the game).

Once the user presses “OK”, which is the only way to stop the alert from reappearing, they are automatically taken to the Android Accessibility menu, where accessibility services are managed. A new service called “Google Service”, created by the malware, appears among the legitimate services. Tapping it shows a description lifted from Google’s Terms of Service.

When the user decides to activate the service, they are shown a list of permissions to be granted, including: “Observe your actions”, “Retrieve window content”, “Turn on Explore by Touch”, “Turn on enhanced web accessibility” and “Perform gestures”.

Once “OK” is pressed, the malware is granted accessibility permissions. By granting them, the user gives the malware complete freedom to perform all the actions it needs to continue its malicious activity.

In practice, after the permissions are granted, the user is briefly locked out of the device screen while a supposed “Google service update” runs; Google has nothing to do with this process.

The malware uses this overlay screen to hide its next steps, performing actions on the user’s behalf with the accessibility permissions obtained earlier. While the user waits for the fake update to finish, the malware carries out a number of operations.

These include enabling installation of apps from unknown sources, installing BankBot from its dropped source and launching it, activating BankBot as device administrator, setting BankBot as the default SMS app, and obtaining permission to install further apps.

Once this succeeds, the malware can move on to its next goal: stealing the user’s credit card details. Unlike other BankBot variants, which target a wide range of specific banking apps with phishing forms to capture account credentials, this one focuses primarily on the Google Play app, which is installed on every Android device.

When the user launches the Google Play app, BankBot interposes itself in front of the legitimate app and uses a fake form to request the user’s credit card details.

If the fake form fools the user into entering their card details, the attackers have achieved their primary goal. Because the malware has set itself as the default SMS app, it can also intercept all SMS messages on the infected device. This lets the attackers bypass the SMS-based two-factor authentication on the user’s bank account, the last potential obstacle between them and the user’s money.

What are the reasons for the high risk of this cyber attack?

In this attack the criminals combine a wide range of techniques popular among Android malware authors: abusing Android’s Accessibility Service, impersonating Google apps, and delaying the malicious activity with a timer to evade Google’s security checks.

Together, these techniques make timely detection of the threat very difficult for the user. Because the malware disguises itself as Google apps and waits 20 minutes before the first alert, the user is unlikely to connect its activity with the recently launched Jewels Star Classic app. In addition, the different names and forms the malware uses at different stages of the infection complicate efforts to identify and remove it manually.

How can the malware be removed from infected devices?

Users who download many apps from the Google Play Store and other stores should check their devices for this malware.

Checking only that the Jewels Star Classic game is not on the device is not enough, as the attackers frequently change the apps they use to distribute BankBot.

To find out whether the device is infected, ESET recommends checking a number of indicators, including the presence of an app called “Google Update”, found by following the path Settings > Application / Applications Manager > “Google Update”.

The company also recommends checking for an active device administrator named “System update” under Settings > Security > Device Administrators, as well as watching for repeated appearances of the “Google Service” alert.

If any of these indicators is present, the device is likely infected with BankBot. To remove the malware manually, the user must first disable the administrator rights for “System update”, and then uninstall both “Google Update” and the associated Trojan app.

Finding the Trojanised app that brought the malware onto the device (in this case Jewels Star Classic) is usually complicated because of the 20-minute delay before the malicious activity starts, and because the app otherwise works as expected. To identify and remove this threat from every part of your device, we recommend using a trusted mobile security solution.
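As an added example (not ESET’s code or the article’s own), the following Python script turns the indicators above into an offline triage check over text a defender would capture with adb: the adb command names are real, but all sample output and the package name com.example.jewelsclassic are constructed placeholders.

```python
"""Triage helper: flag the BankBot indicators named above (an accessibility
service posing as "Google Service", a device admin posing as a system update,
a third-party default SMS app) in text captured with adb. All sample output
is constructed for this example; the package name is a placeholder."""
import re

# Constructed shape of: adb shell settings get secure enabled_accessibility_services
A11Y_SAMPLE = ("com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"
               ":com.example.jewelsclassic/com.example.jewelsclassic.GoogleService")
# Constructed excerpt of: adb shell dumpsys device_policy
ADMIN_SAMPLE = """Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    ComponentInfo{com.example.jewelsclassic/com.example.jewelsclassic.SystemUpdateAdmin}:
      uid=10123
"""
# Constructed shape of: adb shell settings get secure sms_default_application
SMS_SAMPLE = "com.example.jewelsclassic"

PLATFORM_PREFIXES = ("com.android.", "com.google.android.")

def parse_components(a11y_raw, admin_raw):
    """Return (enabled accessibility services, device admins) as pkg/class strings."""
    a11y = [c for c in a11y_raw.strip().split(":") if c]
    admins = re.findall(r"ComponentInfo\{([^}]+)\}", admin_raw)
    return a11y, admins

def is_platform(pkg):
    return pkg.startswith(PLATFORM_PREFIXES)

def triage(a11y, admins, sms_default):
    """Collect BankBot-style traits per third-party package, most suspicious first."""
    traits = {}
    for comp in a11y:
        pkg, _, cls = comp.partition("/")
        if not is_platform(pkg) and "google" in cls.lower():
            traits.setdefault(pkg, []).append("accessibility service posing as Google")
    for comp in admins:
        pkg, _, cls = comp.partition("/")
        if not is_platform(pkg) and "update" in cls.lower():
            traits.setdefault(pkg, []).append("device admin posing as system update")
    if sms_default and not is_platform(sms_default):
        traits.setdefault(sms_default, []).append("third-party default SMS app")
    # A package showing several traits at once is the real tell, so sort by count.
    return sorted(traits.items(), key=lambda kv: -len(kv[1]))

if __name__ == "__main__":
    services, admins = parse_components(A11Y_SAMPLE, ADMIN_SAMPLE)
    for pkg, found in triage(services, admins, SMS_SAMPLE):
        print(pkg, "->", "; ".join(found))
```

A package that appears in all three lists at once matches the article’s infection chain; a single hit (for example a third-party SMS app the user chose) deserves a look but is not proof on its own.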

How can device security be maintained?

Besides using a reliable mobile security solution, there are several other things a user can do to avoid becoming a victim of mobile malware, including preferring official app stores to alternative stores where possible. Although it is not flawless, the Google Play store uses advanced security mechanisms that may not be available in alternative stores.

When in doubt about an app, check its number of downloads, its rating and the content of its reviews before installing it. After installing and running any app, pay attention to the permissions and rights it requests. If an app asks for suspicious permissions, especially accessibility permissions, read them carefully and do not grant them until they have been verified.


In: Technology & Gadgets. Asked by: [21020 Red Star Level]
