Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Mobile

    Security Vendors Warn of Banking Malware, Spyware on Google Play

    By
    Jaikumar Vijayan
    -
    April 20, 2017
    Share
    Facebook
    Twitter
    Linkedin
      Mobile Malware

      The Google Play mobile app store is generally considered one of the safest sources for finding and downloading Android applications. That doesn’t mean it is entirely risk free though.

      In recent months there have been several instances where security researchers have warned about malicious and potentially harmful applications lurking on Google Play waiting to be downloaded by unsuspecting users.

      This week, there were similar warnings from two separate security firms about more such malware on Google Play.

      One of the alerts was from Zscaler, which said it had discovered a spyware tool posing as a system update in Google Play. The malware appears to have been available on the Google app store since at least 2014 and has been downloaded between 1 million and 5 million times, the security vendor said in an alert Wednesday.

      Zscaler discovered the malware on April 11 and reported it to Google a couple of days later. Google then removed the app in less than 24 hours, Zscaler’s director of security research Deepen Desai wrote in an email responding to questions from eWEEK.

      The spyware, which Zscaler has dubbed SMSVova, was designed to monitor and relay a victim’s location to an unknown third-party in real-time using SMS messaging. In its description on Google Play, the application claimed to give users access to Android updates but it was actually being used to spy on a victim’s exact geographic location, Zscaler said.

      When a user attempted to start the application, it would immediately crash and serve up an error message indicating that the update service had stopped.

      In the background though, the spyware would quietly enable the victim’s device to fetch and send device location data to the attackers using specially configured SMS text messages. The malware was designed to let attackers use SMS messages to send and receive instructions and data from compromised devices.

      The functionality for tracking the exact geolocation could be activated by sending a specific command over SMS to the infected device, Desai said. “Once activated, the device will send an SMS to the configured destination [with the] exact geolocation of the infected device,” he said. It is unclear what exactly the attackers were doing with that information he said.

      Similar tools are available on Google Play that allows users to quietly keep tabs on children or spouses, Zcaler noted in its alert. What made SMSVova different was the fact that it was disguised as an application with a completely different function and gave user no indication of its spying capabilities, the security vendor said.

      The other alert this week was from Securify. In a blog post, a security researcher from the company wrote that he had discovered banking malware hidden in a legitimate application on Google Play called Funny Videos 2017.

      The Android malware was designed to grab the Internet banking credentials and credit card numbers of mobile banking customers of several dozen banks worldwide. The malware contained phishing overlays, or pages designed to look exactly like the account login pages of the targeted financial institutions, according to the Securify post.

      When a mobile banking customer of any of the targeted banks attempted to log into their accounts, the malware would use the phishing overlay for that institution to grab credit card and login details.

      The application was last updated earlier this month, which is when the malware was most likely added, the Securify researcher wrote.

      Google has removed the malware-laden application from Play after learning about it, but between one thousand to five thousand users appear to have already downloaded it, according to the security vendor.

      “Consumers have been repeatedly told that only reputable online stores should be used to download apps,” saidRobert Capps, vice president of business development at NuData Security in an emailed statement. Yet, this discovery throws that advice into question and leaves the consumer with few options,” beyond combing reviews, he said. 

      Jaikumar Vijayan
      Vijayan is an award-winning independent journalist and tech content creation specialist covering data security and privacy, business intelligence, big data and data analytics.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×