[-] NeatNit@discuss.tchncs.de 217 points 4 months ago
[-] original_reader@lemm.ee 158 points 4 months ago

Jup. It just says that "the malware was disguised as PDF and QR code readers".

Not helpful, Mashable. Not helpful at all.

[-] Skua@kbin.earth 54 points 4 months ago

In fairness to Mashable, this isn't their fault. The people that made the report didn't make the list public.

[-] steersman2484@sh.itjust.works 85 points 4 months ago

Then why is this the subtitle:

The apps identified have since been removed from Google Play, but make sure you didn't install one.

[-] Passerby6497@lemmy.world 26 points 4 months ago

Because tech journalism is trash on the best days, and these android malapps articles only ever amount to blogspam to make you nervous. I don't think I've seen more than a handful of these articles that actually warn you about the actual apps instead of just talking about the problem without relevant specifics.

[-] bitfucker@programming.dev 3 points 4 months ago

I think I may know a few of those. But not through play store. They usually scam someone by saying they got a packet on their way and their tracking number must be opened on an app that they send via messaging apps.

[-] starman2112@sh.itjust.works 130 points 4 months ago

These articles are useless without a damn list

[-] foremanguy92_@lemmy.ml 13 points 4 months ago
[-] helpImTrappedOnline@lemmy.world 127 points 4 months ago* (last edited 4 months ago)

Am I just missing it, or is there no list of these infected apps on the posted article or the reference the article links to? To me, that is the most important information.

[-] Vendemus@lemmy.world 43 points 4 months ago

It is about halfway down the article, but you have to dodge a few ads to get to that part.

"The two apps mentioned in the report were called "PDF Reader and File Manager" by Tsarka Watchfaces and "QR Reader and File Manager" by risovanul."

[-] helpImTrappedOnline@lemmy.world 42 points 4 months ago

Well, I did miss that, I was skimming for something like a large list or table. That still leaves 86/90+ unlisted.

[-] beefbot 19 points 4 months ago

Agreed. If this article didn’t contain a way to check the apps, that would be irritating

[-] mtchristo@lemm.ee 51 points 4 months ago

Aren't apps on android hermetically sealed from other apps and malware? How could this be achieved?

[-] whyrat@lemmy.world 36 points 4 months ago

Since the other reply was unhelpful: apps are supposed to have limited privileges and isolation from each other, yes... But the whole point of malware like this is that they figure out ways to break those restrictions and get escalated privileges.

You can get more technical detail from reading the report, in this case it looks like the app does not contain malware, but instead requests an update after install that contains the bad code and then breaks the app limitations and scans for the target banking applications and copies the security certificates.

[-] eskimofry@lemmy.world 9 points 4 months ago

As a developer this question is hilarious to me

[-] OutlierBlue@lemmy.ca 108 points 4 months ago

As a curious Android user this comment is useless to me

[-] Hobo@lemmy.world 19 points 4 months ago* (last edited 4 months ago)

For a real answer here's the Zscaler blog write up: https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google

It looks like they are doing it after app install with a malicious patch. This patch asks for SMS and accessibility access to gain privileges necessary to get into the banking apps. I haven't thoroughly read it but just looking at the attack chain that's what I gleaned.
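
Added example, not part of any comment in this thread or of the Zscaler report: one way to audit the SMS and accessibility access mentioned above on your own device. It parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell dumpsys package <pkg>`; the sample outputs, the `com.example.pdfviewer` package and the trusted list are constructed assumptions.

```python
import re

# Constructed sample of `adb shell settings get secure enabled_accessibility_services`
# (colon-separated "package/ServiceClass" entries; values are made up for illustration).
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.pdfviewer/com.example.pdfviewer.HelperService"
)

# Constructed excerpt of `adb shell dumpsys package com.example.pdfviewer`.
SAMPLE_DUMPSYS = """\
    runtime permissions:
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
      android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]
      android.permission.CAMERA: granted=false, flags=[ USER_SET ]
"""

SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
             "android.permission.SEND_SMS"}


def parse_enabled_services(raw):
    """Return the set of packages that have an accessibility service enabled."""
    raw = raw.strip()
    if not raw or raw == "null":      # the setting prints "null" when unset
        return set()
    return {entry.split("/", 1)[0] for entry in raw.split(":") if "/" in entry}


def granted_permissions(dumpsys_text):
    """Extract permissions marked granted=true from dumpsys package output."""
    return set(re.findall(r"^\s*([\w.]+): granted=true", dumpsys_text, re.M))


def review(services_raw, dumpsys_by_pkg, trusted):
    """List (package, granted SMS permissions) for untrusted accessibility apps."""
    findings = []
    for pkg in sorted(parse_enabled_services(services_raw) - set(trusted)):
        sms = granted_permissions(dumpsys_by_pkg.get(pkg, "")) & SMS_PERMS
        findings.append((pkg, sorted(sms)))
    return findings


if __name__ == "__main__":
    trusted = {"com.google.android.marvin.talkback"}  # assumption: the user's own allowlist
    dumps = {"com.example.pdfviewer": SAMPLE_DUMPSYS}
    for pkg, sms in review(SAMPLE_SERVICES, dumps, trusted):
        print(f"{pkg}: accessibility enabled, SMS permissions granted: {sms or 'none'}")
```

An app that is not an assistive tool yet appears in this list, especially with SMS permissions granted, is worth uninstalling or at least having its access revoked in Settings.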

[-] Miaou@jlai.lu 4 points 4 months ago

Ugh, TIL zscaler actually does more than just send my PII to the USA without my consent.

[-] trolololol@lemmy.world 3 points 4 months ago

As an Android developer that comment makes me sad. Then I remind myself that Lemmy is full of people who migrated from Reddit.

[-] Liz@midwest.social 3 points 4 months ago

We each have our specialties, and it would be unreasonable to ask that everyone share yours.

[-] CalamityPayne@jlai.lu 3 points 4 months ago

Dude, do you not want people on this platform? Reddit migrants come with baggage yes but I'd rather that than the husk that was Lemmy before.

[-] catnip@lemmy.zip 60 points 4 months ago

Why? They're absolutely right. The article doesn't say anything about a root exploit or phishing either so we're left wondering...

[-] Tyfud@lemmy.world 10 points 4 months ago

He's being condescending because he believes as a developer nothing is actually fully secure. If I spend 100 hours building and securing something, that's not going to stack up very favorably vs the 1,000's or even 1,000,000's of hours attackers and communities can spend trying to break my security layers.

Basically, he's a dick in how he answered the question, but the truth every software engineer learns, is that there is no fully secure system. There's always an angle/attack vector you didn't think of and secure.

[-] NeatNit@discuss.tchncs.de 44 points 4 months ago

please enlighten the rest of us

[-] Nima@leminal.space 11 points 4 months ago

and one day you'll say why, right?

[-] dev_null@lemmy.ml 4 points 4 months ago

Yes, the app doesn't steal any information from other apps. The report says the malware just displays a fake bank login page, in the hope the user gives it their details willingly.

[-] Pxtl@lemmy.ca 40 points 4 months ago

As somebody who occasionally had to develop for android: the churn of improvements to app security was a huge pita. And as a user I know many of the abandoned apps that I liked that lost compatibility was for that reason.

So the fact that in spite of this pain, Android security still allows apps to do horrible crap like that is infuriating.

[-] efstajas@lemmy.world 22 points 4 months ago

If you read the original report, it says that it basically just displays a fake banking login page. It also says that it requested accessibility service permissions, which makes me think maybe it brought up the fake login pages "in the right moment" (as in as users opened their banking apps) to make it more convincing, even though the article doesn't specify that.

Either way, IMO the problem here is clearly with the Play Store allowing this app in, and not with Android's security itself. These apps are misusing the accessibility service system, which is obviously necessary for a ton of important use cases (and of course also requires the user to grant very explicit permission). The fact that the accessibility services are a thing doesn't delegitimize Android's security improvements over the years.

[-] ji17br@lemmy.ml 3 points 4 months ago

If a user can open their banking app, and this app can sense that and open instead, then that is 100% an Android issue. That behaviour shouldn’t be possible.

[-] Liz@midwest.social 7 points 4 months ago

"Accessibility service permissions" is a higher level of permissions than most apps get and Android will be all like "bro, are you sure you want to grant this app that kind of access and control? You really sure?" I've got a few apps on my phone with that level of permissions including one written by Google. They'd simply be unable to do their job without that level of access, jobs which have been straight-up good for my physical health. Ultimately there's a balance between security and letting the user do what they want.

[-] atrielienz@lemmy.world 11 points 4 months ago

The app doesn't contain malware when it's uploaded to the play store. It forced an update after it's installed that contains the malware.

[-] Pxtl@lemmy.ca 9 points 4 months ago

That's not what I mean. I'm not thinking about Play Store security, but Android OS security. Like, your app physically has to ask for permission (or even require the user manually change settings) to do most unsafe things.

[-] efstajas@lemmy.world 7 points 4 months ago

Physically? So the dev has to come ask you in person?

[-] NikkiDimes@lemmy.world 3 points 4 months ago

By mail, even

[-] werefreeatlast@lemmy.world 4 points 4 months ago

So I could write an app that is okay on the Google store, then change it to steal people's information? Hmmm 🤔 that gives me an idea....hahh! Too many projects at the moment.

[-] dev_null@lemmy.ml 4 points 4 months ago

According to the report, the app just displays a fake login page. I don't see a good way to prevent this.

[-] sfcl33t@discuss.tchncs.de 29 points 4 months ago

From the actual report:

"Over the past few months, we identified and analyzed more than 90 malicious applications uploaded to the Google Play store. These malware-infected applications have collectively garnered over 5.5 million installs.

Recently, we noticed an increase in instances of the Anatsa malware (a.k.a. TeaBot). "

So not 5.5M installs of this specific malware, FWIW

[-] Hedup@lemm.ee 28 points 4 months ago

I got many apps installed. I don't keep in my memory what I have. How do I check that I don't have any from those compromised?

[-] tomjs@lemdro.id 18 points 4 months ago

Go to Settings and search for Google Play Protect. Tap Scan, and if it results in No harmful apps found, you're safe.

[-] whereBeWaldo@lemmy.dbzer0.com 13 points 4 months ago

Hello EVERYONE here's a list of 50 unbelievable products that will change your life and grant you immortality:

[-] mundane@feddit.nu 12 points 4 months ago

> Anatsa uses advanced techniques to avoid detection and gain access to banking information.

Anyone who knows what those advanced techniques are?

[-] the_doktor@lemmy.zip 12 points 4 months ago

Can't steal my bank info if I use cash only...

[-] LordWiggle@lemmy.world 6 points 4 months ago

How though. Over here cash isn't accepted anymore at most places. I only use cash for buying drugs. Most stores and groceries only accept card. Same with bars and clubs. I honestly have no idea besides drugs what to use cash for.

[-] the_doktor@lemmy.zip 5 points 4 months ago

I cannot imagine such a dystopian, nightmarish place where you can only pay with something that personally identifies you. Congrats for living in a nightmare. I'd leave.

[-] LordWiggle@lemmy.world 5 points 4 months ago

Yeah, sure, where to? I live in the Netherlands, one of the wealthiest countries. I've seen many parts of the world in my time in the navy. There aren't many places better than here, honestly. Only Norway scores higher, they have a lot of things worked out much better than the rest of us. But paying with plastic is very common there too. Also, digitalization doesn't have to be bad. Look at Estonia, I think many countries can benefit from their system. See here a video on it by Kraut. There's a difference between digitalization and a system like China has. But my expenses should be private at least, so cash would be best. They just make it harder every day. We used to be able to say "I'm not interesting, no one cares what I do, no one is going to check me". But now we have AI, now every one of us indeed IS interesting. And everyone is being checked to teach the algorithm. Countries with few laws to protect privacy and welfare of its inhabitants, like the US for example, can turn to a totalitarian control state in no time with just one crazy idiot as a leader. At least the US never had idiots as president 👀. At least the US doesn't have a history of wanting to collect everyone's data 👀. At least they are not actively doing anything with the data, like China or Russia does 👀.

But on your point of living in a dystopian world: Yeah, we fucking do. But it doesn't matter where we live. It's dystopian everywhere. We live in World War III while we have to fight to get the bare minimum of privacy, we must work our ass off for the bare minimum of living standards and we buy products we do not own. Difference between the rich and poor has never been as high as now and the military strongest countries are run by idiots and dictators. Mass amount of people see Elon Musk as our savior for a better future, the biggest narcissistic hypocritical scam artist out there. At least Trump isn't president anymore. Oh wait.... Seriously, the movie Idiocracy isn't a comedy, it's a documentary. I seriously think the US would benefit if it had Dwayne Elizondo Mountain Dew Herbert Camacho as president over Trump.

While the rest of the world turns more extremist every day (especially right wing) with rising world tensions.

So if I plan on moving it will be out of the world of the living at best.

[-] LifeInMultipleChoice@lemmy.world 3 points 4 months ago

That is correct, but you do lose out on all investments that have generated the wealth to make people wealthy these days.

So let's say inflation was 4 percent for the year and you could have made 10 percent invested in stocks for the year, you would have made 6% profit on your money for the year. Instead you lost 4% that year.

That difference could make or break someone long term, completely different retirement options.

[-] loudWaterEnjoyer@lemmy.dbzer0.com 9 points 4 months ago
[-] ulkesh@lemmy.world 5 points 4 months ago* (last edited 4 months ago)

iOS user: That’s a shame.

But seriously, this sucks and is why Google needs more rigorous vetting of apps that go into the store. Sure, you sideload, that’s your problem. But if on the Play Store, the general Android user would think there’s some good level of governance.

Of course there’s a measure of caveat emptor here. So hopefully it’ll teach people to be wary of what information they freely give out.

LOL, well I guess the Reddit masses are on Lemmy full swing now. Enjoy the malware, I'll continue laughing about it.

this post was submitted on 02 Jun 2024
458 points (100.0% liked)