Android spyware looking for a place to settle down to continue cell phone monitoring can try their luck at Google Play. A horde of malware has been recently found, by security researchers from Symantec, on Google play or what was formerly called the Android Market. This finding signifies the bounds of a scanning feature that was recently contrived specifically to pin down malicious applications before they could make it to the user downloads.
Malware: the whole equals the sum of its parts
A Trojan malware was found under two independent titles that managed to stay concealed and under the radar for several weeks. This malware, Android Dropdialer stacks pricey charges from forced calls that were made to premium numbers and according to a blog post by Irfan Asrar, a researcher working with Symantec antivirus provider, the malicious applications were fitted in “GTA 3 Moscow City” and “Super Mario Bros”. These applications generated a huge figure of 100 000 downloads before detection. Additionally, the researcher explains that the most interesting and striking fact about this Trojan is that it managed to persistently linger on Google Play for so long racking up a huge number of downloads before it could be found, he suspects that it could have been made possible by the remote payload used by the malware. Asrar previously expounded, in a post last year, that splitting up a malicious application into individual constituents allowed it to get through the automated screening process undetected. The point in doing so is that instead of sending the entire malicious code in one file, it could be broken up in the form of distinct modules, which are later delivered individually. In a similar vein, Android Dropdialer made its way to the devices partially through Google play and upon installation it downloaded the rest of its malware packages.
Let’s all play the blame game
The victims of this malicious app were prompted for a number of permissions including ‘services that cost you money’, according to the blog post, signifying that the end user who falls for such an attack carries some of the responsibility too. However, bearing in mind that these titles were residing on Google’s prized servers, a few fingers can also be pointed in that direction. In its efforts to seek redemption, Google also released its cloud based malware scanner called Bouncer in February. Nonetheless, malicious apps have been discovered by researchers lurking on Google Play at least twice, while malware have been found on Google Chrome Web store as well. In addition, Charlie Miller and Jon Oberheide, renowned mobile Security experts, recently claimed that they have figured out a multitude of mechanisms that can allow malware to get into Google Play by sidestepping Bouncer. Google has not responded to an e-mail looking for its comments regarding this claim.
The debate regarding malware and security measures is circular like the chicken and the egg argument. There have been and hopefully will be updates and a continuation of efforts from Google regarding better security measures but malware continue to exist. Hopefully the future will bring more comfort and a lot less angst to the users and the company alike.