gizmosure

Tag: Security

  • Google Play Store hit with another Trojan-ridden app

    Google Play Store hit with another Trojan-ridden app

    Yet another malicious call recording application has been discovered on Google’s PlayStore by malware researcher Lukas Stefanko. The app, called Simple Call Recorder published by FreahApps Group, already had over 5000 installs and has been available on the PlayStore since November 30, 2017.

    Despite being a normal call recording app, Simple Call Recorder tricked users into donwloading an additional app impersonating as a flash player update, explained malware researcher Lukas Stefanko. Once installed, the malicious app compromised and infected the device by asking the user to install a fake flash player update.

    “After install and launch, Simple Call Recorder decrypts additional binary file carried in assets and dynamically loads it. This behaviour is typical for the most Android threats these days. This Trojanized app contains call recording functionality and malicious code responsible for downloading and installing additional app,” explained malware researcher Lukas Stefanko in a blog post.

    Interestingly, the Simple Call Recorder application has been on the Play Store for almost over a year, which happens to be a really long time before being found and then finally removed.

    It’s also worth noting that this isn’t the first time malware reseracher Stefanko has found a Trojanized Android app on the Google Play Store. Back in September, he found a Trojan-ridden banking app which also disguized itself as a functional phone call recording app and stole banking information from compromised Android devices.

    Surprisingly, even this one lasted on the PlayStore for quite long and witnessed over 10,000 installs. The app was capable of stealing banking credentials even when SMS two-factor authentication was activated.

    Besides, malware reseracher Stefanko also found 29 other malicious Android apps from August unitl early October 2018 in the Google Play store, which also masked themselves as authentic banking apps and used phishing forms to collect a user’s personal banking information. Fianlly, Stefanko suggests that if an Android app asks you to download Flash Player from servers besides Adobe, it should be taken as a warning sign as the app is most likely infected.

  • Google releases Android November security patch

    Google releases Android November security patch

    Google rolls out the November security update for Pixel, Nexus, and Essential devices. The latest Android security patch arrives with fixes for 17 security vulnerabilities.

    However, Android’s November Security patch includes bugs and fixes specifically aimed at Pixel devices. According to Google, the new patch is likely to improve notification stability and picture-in-picture performance on Pixel 2 and Pixel 3 devices.

    In addition, this update also brings the Pixel launcher button, which allows Pixel 2 and Pixel 2 XL users to launch Assistant much faster. Users can now squeeze Active Edge and easily trigger Google Assistant on their Pixel 2 handsets.

    Users are also reminded that the new update does not resolve memory management issues with the Google Pixel 3. An issue which causes background apps to spontaneously close. However, Google is aware of the issue and a fix for the same is expected to roll out in the coming weeks.

    It’s also worth noting that Google’s November Security patch will possibly be the last update rolling out to Pixel C, Nexus 6P, and Nexus 5X smartphones. As Google usually has a two year firmware upgrade cycle after a device is released. With that being said, it shouldn’t be a cause for concern thanks to dedicated developer communities who build ROMs that bring the latest security patches and Android features to most of Google’s older devices.