For all the hullabaloo in recent days about the XcodeGhost malware making its way into the iOS App Store, no-one can argue with the fact that Apple has been much more successful at keeping malicious code out than, say, what we see on the Android front.
There has been a long history of Android malware. Much of it has appeared on unofficial third-party sites, but with disturbing regularity malware has also sneaked its way into the official Google Play app store, lending trojans and adware the undeserved halo of legitimacy.
For instance, researchers at Check Point have just reported that an Android app called “Brain Test” was downloaded between 200,000 and 1 million times, using a sophisticated variety of tricks to avoid detection by Bouncer – Google’s technology which is supposed to stop malicious apps from entering the store.
You can find out more about the malicious Brain Test app, and view some tips about how to better protect your Android device from similar attacks, in the video I have made about the incident, and subscribe to my YouTube channel if you wish.
And don’t think it’s just Brain Test that you have to worry about.
Yesterday, researchers at ESET described how another Android trojan called Mapin has used the official Google Play store as a launchpad for an attack, hidden inside bogus versions of popular games such as “Plants vs Zombies 2”, “Traffic Race” and “Temple Run 2 Zoombie”.
Again, on this occasion, online criminals had found a way of avoiding detection by Google’s Bouncer. According to ESET, Google eventually pulled the trojans from the Google Play store – but only after they had resided there undetected for a year and a half.
Earlier this year, Google announced that all apps and updates will have to pass human review – but clearly it remains possible for criminals to slip their malware past such checks.
So, Android users. Don’t make the mistake of enjoying Apple’s XcodeGhost discomfort too much – you have plenty of reasons to be much more worried about malware in your own back yard.
Graham, you missed this one from yesterday! FireEye security has been REAL busy, because they discovered a Chinese ad firm repackaging Android apps with adware, and ROOTING phones to install other apps without user interaction. And even without rooting can infect all operating systems up to, and including, Lollipop 5.1. This is global in nature, and furthermore, can even be hijacked by others, because they are doing it over http. Here is the blog article by FireEye: https://www.fireeye.com/blog/threat-research/2015/09/guaranteed_clicksm.html
Thanks David.
I did tweet about that incident (especially as a couple of folks thought I was hyping up the Android threat in my video), but I agree it's worth sharing that development with a wider audience.
There are only enough hours in the day to write about *some* of the Android security issues… ;-)