Tricky Malware Uses Versioning to Outsmart Google Play Store Scanners

In recent developments, threat actors are using a technique known as “versioning” to evade Google Play Store’s malware detection mechanisms, posing a significant risk to Android users. This method allows them to specifically target users and compromise their sensitive information, including credentials, data, and finances. Despite being a known tactic, versioning remains challenging to detect, making it a preferred choice for malicious developers. 

In May, cybersecurity firm ESET uncovered a screen recording app called “iRecorder – Screen Recorder.” Surprisingly, the app remained undetected for almost a year on the Play Store before malicious modifications were made to enable covert spying on its users.

SharkBot, a notorious malware that uses the DCL (dynamic code loading) method, has repeatedly resurfaced on the Play Store. It disguises itself as security and utility apps to deceive users.

Operating as a financial trojan, SharkBot executes unauthorized money transfers from compromised devices through the Automated Transfer Service (ATS) protocol.

Here’s how the versioning technique works:

Innocent-looking Initial Release: Malicious developers begin by releasing an app’s initial version on the Google Play Store, which appears harmless and successfully passes Google’s pre-publication security checks. This initial version is designed to avoid detection by security measures.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents