Google Play Store Security Fails As Malware Invades

Google Play App Store on Pixel 3 XL Android Phone, with Notch
The Google Play app store on an Android Pixel 3 XL smartphone, with the front-facing notch with cameras, sensors, and a speaker. (Photo: Tony Webster/Flickr)

With millions of users running devices on the Android platform, it is no longer a surprise why Google is one of the most targeted companies in the world by hackers. Recently, a terrifying malware managed to breach through Google Play Store's sophisticated security protocols and may have spread to millions of Android users.

Recent reports from several tech websites have confirmed that the malware named "PreAmo" managed to breach the Google Play Store security and infected at least six Android Apps. Reports added that these apps clocked in a combined 90 million downloads, putting these devices at risk.

Weeks before the discovery of PreAmo, another malware managed to infiltrate 50 Android apps putting to risk a total of 30 million Android devices.

According to reports, the new malware can bypass Google's 2FA or two-factor authentication security protocol. 2FA is one of Google's security protocols which prompts users to enter their login credentials and a unique one-time code. The one-time code is usually sent through SMS or email. This ensures the system that only legitimate and verified users can access their account.

This new malware is reportedly able to obtain this one-time password even without permission. The malware was first spotted by security engineers working for ESET, an anti-virus developer.

In a security update release in March, Google restricted apps from using SMS and Call Log permissions. This denied apps from abusing these permissions. Nevertheless, hackers were able to create a workaround that enables them to access these one-time codes without the need for SMS permissions. The malware was also able to do this with E-mail based 2FA protocols.

According to security researcher Lukas Stefanko, the infected apps mimic the Turkish cryptocurrency exchange BtcTurk to phish for user login credentials. Stefanko added that all information entered by unsuspecting users of the infected app would be sent to the hacker's server.

Regarding the capabilities of these infected apps, Stefanko said, "The attackers behind this app can also dismiss incoming notifications and set the device's ringer mode to silent, which can prevent victims from noticing fraudulent transactions happening."

On how to protect users from these harmful apps, Stefanko said that if they suspect malicious operations from a certain app, it would be very wise to uninstall them. They also advise keeping all devices updated to make sure that they have the latest security updates.

© 2019 Business Times All rights reserved. Do not reproduce without permission.
Sign Up for Newsletters and Alerts