Shift made by hackers can affect those buying new Android phones

Shift made by hackers can affect those buying new Android phones
During last week's Black Hat security conference in Las Vegas, Google's Maddie Stone warned (via Forbes) those attending about the dangers inherent in pre-installed apps. Stone, a security researcher with the tech giant's Project Zero, pointed out that malicious actors are moving to the supply chain. She said, "If malware or security issues come as preinstalled apps, then the damage it can do is greater, and that's why we need so much reviewing, auditing, and analysis." Why is this move potentially more harmful to Android users? Because the attackers "only have to convince one company to include the app, rather than thousands of users." Stone says that most Android devices usually have 100 to 400 apps pre-installed out of the box.

The security researcher mentioned two particular malware attacks during her presentation, Chamois and Triada. The former pushes out fraudulent ads, sends out text messages that generate revenue, installs background apps and plugins. The latter is an older version of malware that also runs ads and installs other apps. Google has been screening pre-installed apps and Stone states that from March of 2018 through March of this year, the number of devices infected with Chamois was reduced from 7.4 million to 700,000.

Some infected apps can hide their presence on a phone


While these infected pre-installed apps are bad enough since they come with a new device out of the box, Android users need to use common sense when installing an app from the Google Play Store. Before downloading an app from an unknown developer, check out the comments. If the app is infected by malware, you'll usually find a number of complaints by users who have already installed the title and had to deal with some unusual issues related to it. For example, earlier this year Google removed 29 camera beauty and filter apps from the Play Store after it was discovered that they contained malware. These apps claimed to improve selfies and photos snapped by the user, but also served up full-screen ads. Anyone considering loading these apps on their phone would have been dissuaded to do so had they looked at the comments sections for most of these titles. An Android user who downloaded one of the infected apps warned others by writing, "Please don't download. If you download it, your phone will be hacked." Another user said that even though he deleted the app, and it no longer appeared in his list of installed apps, he was still receiving the ads that it was pushing out.


Many of the malware-infected apps are able to hide their presence on a phone once installed. The icon might not even appear anywhere on the device. But that doesn't mean that they can't continue to run ads on the device, or generally hamper the ability of a phone owner to use his or her handset. And any type of app can hide evil intentions. Even something as innocuous appearing like a wallpaper app can contain malware. You might recall that two years ago, Google removed such apps from its Android app storefront after they had infected 21 million handsets. In that case, a specific attack called ExpensiveWall was cooked up and "packed" inside these apps, allowing it to escape Google's scanning. These apps would send premium text messages that users were charged for, and also signed them up for other pay services without their knowledge or consent.

FEATURED VIDEO

12 Comments

1. Subie

Posts: 2356; Member since: Aug 01, 2015

Something like Blackberry root of trust and dtek here could help here...

2. cmdacos

Posts: 4110; Member since: Nov 01, 2016

This is a problem on any platform.

5. Leo_MC

Posts: 7216; Member since: Dec 02, 2011

Not on Apple’s.

3. OneLove123

Posts: 972; Member since: Aug 28, 2018

What about the hack on iOS contacts according sot wallstreet journal?

7. Leo_MC

Posts: 7216; Member since: Dec 02, 2011

As long as the hack only works when the hacker has access to the unlocked phone and needs to manually install a piece of software, it’s not really a hack.

9. tbreezy

Posts: 10; Member since: Aug 11, 2019

They always try grasp at straws. I read about it and laughed, Apple should have a patch out very soon and ALL devices will be updates at the same time, no waiting for carrier etc... to approve updates.

10. Leo_MC

Posts: 7216; Member since: Dec 02, 2011

Patch against what, lending the phone to another person?

4. Plutonium239

Posts: 1199; Member since: Mar 17, 2015

What is a "premium text message"?

6. Tizo101

Posts: 526; Member since: Jun 05, 2015

A 100 to 400 per installed? Which android phones are these?

8. tbreezy

Posts: 10; Member since: Aug 11, 2019

The Android fanboys are rather quiet on this particular subject, very interesting :’D Where are the usual apologists!? Anyway, this is not all that surprising.

12. TBomb

Posts: 1402; Member since: Dec 28, 2012

It's not a competition. There's no reason to try and make it one. And before I get told that there's tons of people who do it on both sides, I'm not the comment section police and can't comment on it all. I'm just someone who is trying to enjoy a website about stuff I enjoy and these types of comments ruin it for everyone.

11. Ichimoku

Posts: 165; Member since: Nov 18, 2018

an open source software is always like this. not a big deal, at least for me.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.