Android Malware

How Android malware sneaks past Google Play Protect

How Android Malware sneaks past the Google Play Protect

Hackers have distributed malware to hundreds of thousands of Android users by hiding it inside a series of apparently harmless apps. They are accomplishing this by using a technique called Dropper.

A dropper is a program/script, that has been designed to “install” a type of malware to a target system.

They don’t carry any malicious activities by themselves, but instead open a way for attack by downloading/decompressing and installing the core malicious modules. There are numerous apps slipping past Google Play Protect as they have split that dropper and the actual malware in two different parts.

Dropper was previously used to attack desktops, although they are not as effective on the desktop because of the presence of an antivirus software that detects the threats including the second-payload with more complex viruses or worms in real time. However, the effect is maximized on Android where there is no real-time anti-virus scanning app or built-in software. The only security measure is the scan that Google performs before approving the app on Google Play Store.

Google Play Protect cannot identify the dropper because they require only a smaller number of permissions and exhibit limited behaviour that could be classified as malicious. Furthermore, adding timers that delay the execution of any malicious code with a few hours also helps the malware remain undetected during Google’s scans.

Mobile malware creators consider official app stores to be the holy grail to maximize the results of infection campaigns. Getting a malicious app into an official store yields greater exposure to more potential victims, a cheap distribution channel and implied user trust. Moreover, malware apps that have already made it into an official store are more likely to fly under the radar of security controls for longer than those hosted on hijacked sites or rogue servers.

While such cybercrime services are popular with PC malware distributors, its rise in the mobile malware realm is an escalating risk factor that users and organisations should be aware of.

The Dropper method has been used predominantly by malware authors spreading versions of the Exobot, LokiBot, and BankBot mobile banking trojan but has also been adopted in the meantime by many others.

 

How you can protect yourself from mobile Trojans:

We recommend users take the following steps to protect themselves from mobile Trojans:

  • Only rely on trusted app stores, such as Google Play or Apple’s App Store. Even though the malware slipped into Google Play, its payload was downloaded from an external source. If you deactivate the option to download apps from other sources, you will be safe from this type of trojan activating on your phone
  • Before downloading a new app, check its user ratings. If other users are complaining about a bad user experience, it might be an app to avoid
  • Pay attention to the permissions an app requests. If a flashlight app requests access to your contacts, photos and media files, treat this as a red flag
  • Often, malware will ask to become device administrator to get control over your device. Don’t give this permission to an app unless you know this really is necessary for an app to work.

The Quixxi Security Solution

Is your mobile app for your customers handles any sensitive information (personal, health, financial) then it is a potential target for threat actors? The Quixxi Security suite assesses how secure your app is and optionally allows you to shield it against attack. All with one click, from your finished App. Head over to quixxi.com and get a free vulnerability test, it only takes a few minutes to identify where the vulnerabilities are and prevent any risks before it is too late.

Clientele

What are you waiting for to protect your mobile app?

Empowering Top Corporations and Government Entities in App Security

Quixxi has everything we needed in terms of app security. We liked how they had scan shield and app monitoring in the same dashboard. Their solution is easy to use and extremely effective.

Leading Cyber Security
Partner in EU

We chose Quixxi because their solution included every important feature on our requirement checklist. On top of that, we were extremely satisfied by their customer service

Prominent Middle East
Government Unit

We are really impressed with Quixxi’s app security approach that protects the critical aspects of the app without intruding in the functionality of the app. The whole experience was code free which was very simple to use and extremely effective.

Fortune 100
Finance Institution