Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

22 apps with 2 million+ Google Play downloads had a malicious backdoor

From: InfoSec News <alerts () infosecnews org>
Date: Fri, 7 Dec 2018 10:02:11 +0000 (UTC)
https://arstechnica.com/information-technology/2018/12/google-play-ejects-22-backdoored-apps-with-2-million-downloads/

By Dan Goodin
Ars Technica
December 6, 2018
Almost two dozen apps with more than 2 million downloads have been removed from the Google Play market after researchers found they contained a device-draining backdoor that allowed them to surreptitiously download files from an attacker-controlled server.
The 22 rogue titles included Sparkle Flashlight, a flashlight app that had been downloaded more than 1 million times since it entered Google Play sometime in 2016 or 2017, antivirus provider Sophos said in a blog post published Thursday. Beginning around March of this year, Sparkle Flashlight and two other apps were updated to add the secret downloader. The remaining 19 apps became available after June and contained the downloader from the start. 


"Serious harm"
By the time Google removed the apps in late November, they were being used to click endlessly on fraudulent ads. "Andr/Clickr-ad," as Sophos has dubbed the family of apps, automatically started and ran even after a user force-closed them, functions that caused the apps to consume huge amounts of bandwidth and drain batteries. In Thursday's post, Sophos researcher Chen Yu wrote: 

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
Previous By Date Next
Previous By Thread Next

Current thread: