Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Android Security

Droppers Is How Android Malware Keeps Sneaking Into the Play Store (bleepingcomputer.com) 38

Catalin Cimpanu, writing for BleepingComputer: For the past year, Android malware authors have been increasingly relying on a solid trick for bypassing Google's security scans and sneaking malicious apps into the official Play Store. The trick relies on the use of a technique that's quite common in desktop-based malware, but which in the last year is also becoming popular on the Android market. The technique involves the usage of "droppers," a term denoting a dual or multiple-stage infection process in which the first stage malware is often a simplistic threat with limited capabilities, and its main role is to gain a foothold on a device in order to download more potent threats. But while on desktop environments droppers aren't particularly efficient, as the widespread use of antivirus software detects them and their second-stage payloads, the technique is quite effective on the mobile scene.
This discussion has been archived. No new comments can be posted.

Droppers Is How Android Malware Keeps Sneaking Into the Play Store

Comments Filter:
  • ... and in my mac, and in my Synology NAS, and in my windows (mostly virtual) machines.

    If it is a General purpose computer, and you can install software written by someone else on it, even if the software only comes from an "App Store" that alegedly checks said software, one has to run an antivirus.

    that goes for Windows, Mac, Linux, Android, ChromeOS, Fuscia, etc.

    • I'll see your "software written by someone else" and raise you connects to the internet.

      • I'll see your "software written by someone else" and raise you connects to the internet.

        Amen colleague.

    • What is the point of running anti-virus on your Android, if you're downloading apps only from Google, and Google has already run anti-virus on the executable?
      • by Anonymous Coward

        So you're oblivious to the hundreds of pieces of malware that have gotten on the Play Store?

      • Answers to your questions:

        1.) With any luck, the AV engine that Google runs will e different to the AV engine that my antivirus runs.

        2.) As TFA said, malware disguises itself as beningn, and then downloads the malign part. Maybe all AV packages may miss the bennign part, but only an AV running on the phone itself will deteckt (pun intended) and hopefully block the trully malign part.

        3.) The Antivirus I run, gives me other goodies (licke bricking the phone in case the SIM changes). Maybe the antivirus you ch

    • by Desler ( 1608317 )

      So you distrust software written by someone else yet run anti-virus which is... software written by someone else.

  • by mysidia ( 191772 ) on Friday July 20, 2018 @03:27PM (#56982132)

    Shouldn't the executables be digitally signed by the author And signed in some matter specific to the device, and the platform should be designed so an app running in a sandbox can't launch an executable if it is unsigned or the signature doesn't match Or if the executable wasn't installed during an app installation?

    • by Anonymous Coward

      Correct. This shows that there is a massive problem in the Android ecosystem which needs to be promptly fixed. Apps should never be allowed to update themselves with payloads which have not been vetted and signed by Google. Developers who attempt to do this should be detected and banned.

    • This!

      It's easy in linux to make the program directory unwritable by the program and the data directory unexecutable. Same for ram: easy to mark the program memory read-only and the data memory non-executable.

      So how is this extraneous code successfully getting executed?

  • Huh? I thought almost every program on offer in the Play Store was malware? Guess we must have a different standard for "malicious".

  • the solution is to not allow applications to install executable files on your device.
    What possible good reason/excuse could these applications have to do this?

news: gotcha

Working...