• US defense contractor allegedly planted dozens of malicious apps

    From TechnologyDaily@1337:1/100 to All on Thu Apr 7 12:15:04 2022
    US defense contractor allegedly planted dozens of malicious apps on Google Play

    Date:
    Thu, 07 Apr 2022 11:03:25 +0000

    Description:
    Google has removed dozens of malicious apps from the Play Store.

    FULL STORY ======================================================================

    Google has removed dozens of malicious apps from its mobile app marketplace, all of which allegedly contained code tied to a contractor employed by US national security agencies.

    According to a Wall Street Journal report, the company that wrote the code is called Measurement Systems. The firm is said to have paid developers around the world to embed its software development kit (SDK) in their apps.

    The precise number of Android apps that carried the malware is unclear (there were at least twelve), but according to the researchers responsible for the discovery the apps were downloaded at least 60 million times in total. TechRadar needs you!

    We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a 100 Amazon gift card (or equivalent in USD). Thank you for taking part.

    Click here to start the survey in a new window << Targeting the Middle
    East

    Google has now removed the compromised apps from the Play Store, but they remain active and are still gathering data. The apps include a number of Muslim prayer apps (with more than 10 million downloads), highway-speed-trap detection apps, QR-code reading apps and other popular consumer apps.

    Allegedly, Measurement Systems told developers they wanted data from users in the Middle East, Central and Eastern Europe and Asia.

    Some of the offending apps have already been permitted to return to Google Play listings after removing the controversial code.

    According to Serge Egelman and Joel Reardon, the researchers behind the discovery, the findings represent the most privacy-invasive SDK they have
    seen in the six years they have been examining mobile apps. Read more

    Beware Android users - These 23 apps may be spying on you



    Some of the most basic Android apps might be spying on you more than you'd
    think



    Meta cracks down on mysterious companies spying on Facebook users

    The SDK was gathering all kinds of data, from the precise location of the endpoints, to email addresses, phone numbers, and data on nearby personal devices. The device clipboard was also monitored, meaning whoever coped and pasted their passwords on the mobile device was at risk.

    According to the researchers, the type of data harvested is highly unusual,
    as consumer data brokers typically steer clear from data that is protected by privacy laws. Keep your devices safe from ransomware with the best ransomware protection services right now

    Via Wall Street Journal



    ======================================================================
    Link to news story: https://www.techradar.com/news/us-defense-contractor-planted-dozens-of-malicio us-apps-on-google-play/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)