vlog

NOWCAST vlog News at 6pm Saturday Evening
Watch on Demand
Advertisement

5 types of Android malware that made headlines in 2017
Abigail Elise
National Curator
5 types of Android malware that made headlines in 2017
Advertisement
5 types of Android malware that made headlines in 2017
Abigail Elise
National Curator
There are currently more than 2 billion monthly active Android device users - as the popularity of the operating system grows, hackers churn out new ways to steal personal or financial data, falsify revenue and spy on users.Even if malicious apps are eliminated from the Google Play Store, Android owners are still at risk if they don't delete them from devices. Earlier this year, 4,000 risky apps were removed from the virtual marketplace without notifying users, but more than 500,000 devices still had them actively installed."These users, and the organizations they work for, are still exposed to any vulnerabilities, privacy risks, or malware contained in these dead apps," said Santa Clara-based online security company McAfee.Kaspersky Lab detected more than 8.5 million malicious installation packages last year. Malware attacks on Androids also increased 50 percent.Here are the five biggest Android malware attacks of 2017:1. Expensive WallMore than 50 apps in the Google Play Store were infected with ExpensiveWall, a form of malware that sent fake text messages and charged users without permission.The malicious software was downloaded between 1-4 million times before it was removed. Some of the affected apps had been in the Google Play Store since 2015.Google was notified of the impacted apps in early August and removed them from its marketplace, but hackers uploaded a second strain of ExpensiveWall that infected 5,000 more smartphones within days.2. MarcherMarcher posed as an Adobe Flash Player update and could steal login credentials from at least 40 different retail, social media and banking apps.It was found inside apps found on third-party sites.Once a victim attempted to download an infected app, a pop-up window that asked to update the device's Flash Player appeared. If a person clicked, the malicious code infected the smartphone.Marcher would then disable security, remove its icon from the menu screen and wait for users to open an app from its list of targets, sending all of the device's information to a command and control center.The malware produced fake login pages for popular third-party apps like TD Bank, Google, Yahoo, Chase Bank, Paypal, Citibank, Walmart, Amazon, Western Union, Facebook and more. 3. XavierIn June, more than 800 Android apps in the Google Play Store were infected with malware that quietly stole personal and financial data from users. Xavier, a form of Trojan adware, hid inside several types of apps - call recorder, photo manipulator, ringtone changers and more.Xavier could collect and leak user data, run malicious code and install APKs (Android application packages) - all while avoiding detection.According to intelligence security firm Trend Micro, the malicious software was downloaded millions of times across the globe."ݲ’s stealing and leaking capabilities are difficult to detect because of a self-protect mechanism that allows it to escape both static and dynamic analysis," the company said.The malware was found on devices in the U.S., Vietnam, the Philippines, Indonesia and Europe.4. DvmapDvmap was downloaded more than 50,000 times from the Google Play Store between March and June this year. It could inject code into a device's system library and eliminate root-detection software that identified malevolent programs."This Trojan...uses a number of very dangerous techniques, including patching system libraries," Kaspersky Lab said in June. "It installs malicious modules with different functionality into the system. It looks like its main purpose is to get into the system and execute downloaded files with root rights."Dvmap was hidden inside puzzle game "Colourblock," which was removed from Google's digital marketplace. To bypass security, hackers uploaded a "clean" app and updated it with a malicious version for a brief period of time - often less than 24 hours. This was done at least five times between April 18 and May 15.5. BankbotBankbot made its way into the Google Play Store in September, just months after its first removal in April.The original malware created fake overlay screens that looked like the login pages of popular banking apps. Once you entered your username and password, the data was passed onto cybercriminals.The newer Bankbot was even smarter than previous versions - waiting 20 minutes after its download before installing itself - a trait that may have helped it bypass Google's Play Protect.It could steal a person's payment card data by creating a fake overlay for the Play Store app, which comes installed on every Android device.Bankbot was found hidden inside Jewels Star Classic, a game that entered the Google Play Store on Aug. 26 and was updated on September 4.

There are currently monthly active Android device users - as the popularity of the operating system grows, hackers churn out new ways to steal personal or financial data, falsify revenue and spy on users.

Even if malicious apps are eliminated from the Google Play Store, Android owners are still at risk if they don't delete them from devices. Earlier this year, 4,000 risky apps from the virtual marketplace without notifying users, but more than 500,000 devices still had them actively installed.

Advertisement

Related Content

"These users, and the organizations they work for, are still exposed to any vulnerabilities, privacy risks, or malware contained in these dead apps," said Santa Clara-based online security company McAfee.

detected more than 8.5 million malicious installation packages last year. Malware attacks on Androids also .

Here are the five biggest Android malware attacks of 2017:

1. Expensive Wall

More than 50 apps in the Google Play Store were infected with ExpensiveWall, a form of malware that sent fake text messages and charged users without permission.

The malicious software was downloaded between 1-4 million times before it was removed. Some of the affected apps had been in the Google Play Store since 2015.

Google was notified of the impacted apps in early August and removed them from its marketplace, but hackers uploaded a second strain of ExpensiveWall that infected 5,000 more smartphones within days.

2. Marcher

Marcher posed as an Adobe Flash Player update and could steal login credentials from at least 40 different retail, social media and banking apps.

It was found inside apps found on third-party sites.

Once a victim attempted to download an infected app, a pop-up window that asked to update the device's Flash Player appeared. If a person clicked, the malicious code infected the smartphone.

Marcher would then disable security, remove its icon from the menu screen and wait for users to open an app from its list of targets, sending all of the device's information to a command and control center.

The malware produced fake login pages for popular third-party apps like TD Bank, Google, Yahoo, Chase Bank, Paypal, Citibank, Walmart, Amazon, Western Union, Facebook and more.

3. Xavier

In June, more than 800 Android apps in the Google Play Store that quietly stole personal and financial data from users. Xavier, a form of Trojan adware, hid inside several types of apps - call recorder, photo manipulator, ringtone changers and more.

Xavier could collect and leak user data, run malicious code and install APKs (Android application packages) - all while avoiding detection.

According to intelligence , the malicious software was downloaded millions of times across the globe.

"ݲ’s stealing and leaking capabilities are difficult to detect because of a self-protect mechanism that allows it to escape both static and dynamic analysis," the company said.

The malware was found on devices in the U.S., Vietnam, the Philippines, Indonesia and Europe.

4. Dvmap

Dvmap was downloaded more than 50,000 times from the Google Play Store between March and June this year. It could inject code into a device's system library and eliminate root-detection software that identified malevolent programs.

"This Trojan...uses a number of very dangerous techniques, including patching system libraries," Kaspersky Lab "It installs malicious modules with different functionality into the system. It looks like its main purpose is to get into the system and execute downloaded files with root rights."

Dvmap was hidden inside puzzle game "Colourblock," which was removed from Google's digital marketplace. To bypass security, hackers uploaded a "clean" app and updated it with a malicious version for a brief period of time - often less than 24 hours. This was done at least five times between April 18 and May 15.

5. Bankbot

Bankbot made its way into the Google Play Store in September, just months in April.

The original malware created that looked like the login pages of popular banking apps. Once you entered your username and password, the data was passed onto cybercriminals.

The newer Bankbot was even smarter than previous versions - waiting 20 minutes after its download before installing itself - a trait that may have helped it .

It could steal a person's payment card data by creating a fake overlay for the Play Store app, which comes installed on every Android device.

Bankbot was found hidden inside Jewels Star Classic, a game that entered the Google Play Store on Aug. 26 and was updated on September 4.

Top Picks

It's a girl! Shohei Ohtani of the Dodgers is now a father
30 years after the Oklahoma City bombing: Learn more about the 168 people who were killed
A look at what happened in the US government this week
Florida man attacked by charter captain in viral video speaks out