• Android apps are being "poisoned" by this awful malware

    From TechnologyDaily@1337:1/100 to All on Tue Dec 13 15:00:04 2022
    Android apps are being "poisoned" by this awful malware

    Date:
    Tue, 13 Dec 2022 14:37:01 +0000

    Description:
    The ERMAC malware is back again, trying a new tactic to fool users that's old news to us.

    FULL STORY ======================================================================

    Researchers have discovered a program that's binding malware to legitimate Android applications.

    As reported by The Register, analysts for cybersecurity firm ThreatFabric learned of the Zombinder service while investigating another malware spread campaign using the ERMAC banking trojan, malware that TechRadar Pro has previously reported on.

    In their report, the researchers said "while investigating ERMAC's activity, our researchers spotted an interesting campaign masquerading as applications for Wi-Fi authorization. It was distributed through a fake one-page website containing only two buttons."

    ERMAC and Droppers

    These buttons acted as download links for Android versions of ERMAC-developed dummy applications, which are useless to the end user but are designed to log keystrokes, as well as steal two-factor authentication (2FA) codes, email credentials and bitcoin wallet seed phrases, amongst other things.

    However, while some of the malicious apps available from the platform are likely the responsibility of core ERMAC developer DukeEugene, the team also found that some of the apps were disguised as legitimate instances of the Instagram app, as well as other applications that have listings on the Google Play Store.

    As is often the case with malware campaigns, the threat actors are using a dropper obtained from the dark web, in this case Zombinder, so their apps can evade detection. Droppers install what is functionally a clean version of the app, but then present users with an update that contains the malware.

    This is a clever delivery system, particularly with apps that purport to be from common, trusted vendors like Meta, as users are more likely to install an update from app developers they recognise.

    This particular dropper service was announced in March 2022 and, according to ThreatFabric, has already become popular with a number of threat actors.

    Dropper attacks are largely made possible because of the open nature of Android allowing users to sideload apps obtained from repositories other than the Google Play Store, and even from app developers themselves.

    While this open ecosystem benefits security-conscious users, users seeing it purely as a means of pirating applications that usually cost money, for instance, can become easy pickings for threat actors armed with banking trojans, who are then free to steal data, credentials and even money from innocent users.



    ======================================================================
    Link to news story: https://www.techradar.com/news/android-apps-are-being-poisoned-by-this-awful-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)
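
The sideloading and dropper-delivered "update" described in the article leave a trace in a device's installer records. The following Python is an added example, not taken from the article or from ThreatFabric's report: it parses the output of `adb shell pm list packages -3 -i` and flags apps that did not come from Google Play. The sample output, the `org.example.*` package names and the `PLAY_ONLY_APPS` watchlist are constructed assumptions.

```python
import re

# Installers treated as an official store (assumption: Google Play only).
TRUSTED_INSTALLERS = {"com.android.vending"}
# Hypothetical watchlist of apps this user only ever installs from Google Play.
PLAY_ONLY_APPS = {"com.instagram.android"}

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")

# Constructed sample of `adb shell pm list packages -3 -i` output (not from a real device).
SAMPLE_OUTPUT = """\
package:com.instagram.android  installer=com.google.android.packageinstaller
package:org.example.wifiauth  installer=null
package:org.example.update  installer=org.example.wifiauth
package:com.spotify.music  installer=com.android.vending
"""


def audit_installers(pm_output):
    """Map each third-party package not installed by a trusted store to its reasons."""
    records = {}
    for line in pm_output.splitlines():
        match = LINE_RE.match(line.strip())
        if match:  # ignore blank lines and anything that is not a package record
            records[match["pkg"]] = match["installer"]
    findings = {}
    for pkg, installer in records.items():
        if installer in TRUSTED_INSTALLERS:
            continue
        reasons = ["not-from-store"]
        if pkg in PLAY_ONLY_APPS:
            # A familiar brand that arrived from outside the store: verify its signature.
            reasons.append("play-app-sideloaded")
        if installer in records:
            # Recorded installer is itself a third-party app on the device.
            reasons.append("installed-by-another-app")
        findings[pkg] = reasons
    return findings


if __name__ == "__main__":
    for pkg, reasons in audit_installers(SAMPLE_OUTPUT).items():
        print(f"{pkg}: {', '.join(reasons)}")
```

A finding is a prompt to verify the app's signing certificate and origin, not proof of infection: legitimately sideloaded apps produce the same installer records.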