#cybersecurity | #hackerspace |

Dozens of Apps Still Dodging Google’s Vetting System


Bitdefender researchers recently analyzed 25 apps that made
it into Google Play, at least for a time, packing aggressive adware SDKs that
bombarded users with ads and avoided removal by hiding their presence.
Cumulatively, the apps were apparently downloaded almost 700,000 times by
Google Play users.

While Google has gone to great lengths to ban malicious or
potentially unwanted applications from the official Android app store, malware
developers are nothing if not imaginative when coming up with new ideas to
dodge Google Play Protect.

Some of the key techniques found for dodging security
vetting revolve around using open source utility libraries (used by Evernote,
Twitter, Dropbox, etc.) to run jobs in the background, using different developer
names to submit identical code, and even hiding code that is triggered remotely
by command & control servers.

Key techniques found for dodging security vetting:
  • Main logic is encrypted and loaded dynamically
  • Check that system time is at least 18 hours
    after a specific time using a hardcoded numerical value for the time (not a
    time object), then it starts hiding its presence
  • Use an open source utility library (used by
    Evernote, Twitter, Dropbox, etc.) to run jobs in the background
  • Longer display time between ads (up to 350
    minutes)
  • Adware SDK, written in Kotlin, with debug
    symbols present and lack of obfuscation, possibly mimicking clean SDKs
  • Use different developers to submit identical
    code base
  • Hiding code that is triggered remotely by server
    config or command, no more used timers
  • Uploading an initially clean application and
    then adding a malicious update

For a more detailed technical analysis, please check out the technical paper below:

Dozens of Apps Still Dodging Google’s Vetting System



Source link

Leave a Reply