Quantcast

Android Apps Download Spyware To Monitor Your Text Messages, Call Logs, Location

Discussion in 'Off-Topic Discussion' started by CatfishRivers, May 11, 2013.

  1. CatfishRivers

    CatfishRivers Well-Known Member

    Joined:
    Apr 5, 2011
    Messages:
    14,604
    Likes Received:
    877
    Trophy Points:
    113
    Android Apps Found on Google Play Download Spyware (click for full article)

    by Emil Protalinski - May 11, 2013

    "A new piece of Android malware has been discovered with two components: a downloader available on Google Play and the spyware app it downloads. The authors have disguised their scheme under the guise of font-installing apps.


    The threat, detected as "Android.TechnoReaper" by security firm Webroot, thankfully does not appear to be too popular. It is rather cleverly disguised though, as the security firm points out:


    Offering an app that claims to download more content is a rather simple way to bypass Google Play's security systems. This is a perfect example of why humans need to approve apps before they can arrive in an app store, and why each feature needs to be tested thoroughly.


    We have verified that the two apps found by Webroot are still available on Google Play. The good news is that the first app had less than 100 downloads and the second had somewhere between 10,000 and 50,000 - hardly popularly apps by Android's standards.


    It's not currently clear if other similar apps are available, but it's easy to see how they could be modified from claiming to push fonts, to other content, such as music, videos, or games - this would lead to a dramatically larger potential install base. What is downloaded by these apps could also be modified by simply plugging in a different URL, as you can see from the apps' code:"
     
    Last edited: May 11, 2013
  2. mrspock

    mrspock Active Member

    Joined:
    May 14, 2012
    Messages:
    454
    Likes Received:
    64
    Trophy Points:
    28
    Google should force these app developers that require all the permissions they list to prove why they need specific permissions. I mean why would a simple game require access to Phone contacts. I hate that Google doesn't care lets the developer obtain all the permissions they want.
     

Share This Page