no list of apps anywhere
Jup. It just says that “the malware was disguised as PDF and QR code readers”.
Not helpful, Mashable. Not helpful at all.
Am I just missing it, or is there no list of of these infected apps on the posted article or the reference the article links to. To me, that is the most important information.
It is about halfway down the article, but you have to dodge a few adds to get to that part.
“The two apps mentioned in the report were called “PDF Reader and File Manager” by Tsarka Watchfaces and “QR Reader and File Manager” by risovanul.”
Well, I did miss that, I was skimming for something like a large list or table. That still leaves 86/90+ unlisted.
These articles are useless without a damn list
Right
Aren’t apps on android hermetically sealed from other apps and malware. How could this be achieved ?
Since the other reply was unhelpful: apps are supposed to have limited privileges and isolation from each other, yes… But the whole point of malware like this is that they figure out ways to break those restrictions and get escalated privileged.
You can get more technical detail from reading the report, in this case it looks like the app does not contain malware, but instead requests an update after install that contains the bad code and then breaks the app limitations and scans for the target banking applications and copies the security certificates.
Yes, the app doesn’t steal any information from other apps. The report says the malware just displays a fake bank login page, in the hope the user gives it their details willingly.
As a developer this question is hilarious to me
As a curious Android user this comment is useless to me
For a real answer here’s the Zscaler blog write up: https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google
It looks like they are doing it after app install with a malicious patch. This patch asks for SMS and accessibility access to gain privileges necessary to get into the banking apps. I haven’t thoroughly read it but just looking at the attack chain that’s what I gleaned.
As an Android developer that comment makes me sad. Then I remind myself that Lemmy is full of people who migrated from Reddit.
We each have our specialties, and it would be unreasonable to ask that everyone share yours.
Hey don’t pretend that you didn’t migrate as well.
please enlighten the rest of us
Explain yourself
There’s no such thing as perfect security… unless your application is trivial and doesn’t do very much. Android is designed to collect data from the dozen plus sensors on your phone in order to get money from app vendors to push ads.
As somebody who occasionally had to develop for android: the churn of improvements to app security was a huge pita. And as a user I know many of the abandoned apps that I liked that lost compatibility was for that reason.
So the fact that in spite of this pain, Android security still allows apps to do horrible crap like that is infuriating.
If you read the original report, it says that it basically just displays a fake banking login page. It also says that it requested accessibility service permissions, which makes me think maybe it brought up the fake login pages “in the right moment” (as in as users opened their banking apps) to make it more convincing, even though the article doesn’t specify that.
Either way, IMO the problem here is clearly with the Play Store allowing this app in, and not with Android’s security itself. These apps are misusing the accessibility service system, which is obviously necessary for a ton of important use cases (and of course also requires the user to grant very explicit permission). The fact that the accessibility services are a thing doesn’t delegitimize Android’s security improvements over the years.
If a user can open their baking app, and this app can sense that and open instead, then that is 100% an Android issue. That behaviour shouldn’t be possible.
“Accessibility service permissions” is a higher level of permissions than most apps get and Android will be all like “bro, are you sure you want to grant this app that kind of access and control? You really sure?” I’ve got a few apps on my phone with that level of permissions including one written by Google. They’d simply be unable to do their job without that level of access, jobs which have been straight-up good for my physical health. Ultimately there’s a balance between security and letting the user do what they want.
The app doesn’t contain malware when it’s uploaded to the play store. It forced an update after it’s installed that contains the malware.
That’s not what I mean. I’m not thinking about Play Store security, but Android OS security. Like, your app physically has to ask for permission (or even require the user manually change settings) to do most unsafe things.
It does, you have a full screen scary warning when an app asks for these accessibility permissions. Clearly many people just give it to a random QR code reader app for some reason.
Physically? So the dev has to come ask you in person?
By mail, even
So I could write an app that is okay on the Google store, then change it to steal people’s information? Hmmm 🤔 that gives me an idea…hahh! Too many projects at the moment.
According to the report, the app just displays a fake login page. I don’t see a good way to prevent this.
From the actual report:
"Over the past few months, we identified and analyzed more than 90 malicious applications uploaded to the Google Play store. These malware-infected applications have collectively garnered over 5.5 million installs.
Recently, we noticed an increase in instances of the Anatsa malware (a.k.a. TeaBot). "
So not 5.5M installs of this specific malware, FWIW
I got many apps installed. I don’t keep in my memory what I have. How do I check that I don’t have any from those compromised?
Hello EVERYONE here’s a list of 50 unbelieveable products that will change your life and grant you immortality:
AI probably “wrote” that
I’ recommend to just read the report https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google
iOS user: That’s a shame.
But seriously, this sucks and is why Google needs more rigorous vetting of apps that go into the store. Sure, you sideload, that’s your problem. But if on the Play Store, the general Android user would think there’s some good level of governance.
Of course there’s a measure of caveat emptor here. So hopefully it’ll teach people to be wary of what information they freely give out.
LOL, well I guess the Reddit masses are on Lemmy full swing now. Enjoy the malware, I’ll continue laughing about it.
