Today it’s been reported that Google has removed not one, but two malicious apps ZTORG Trojans from their play marketplace (and this is not the second time in the month of June!).
A researcher with Kaspersky Lab on Tuesday described how attackers managed to evade settings set in place by Google Play’s VerifyApps malware scanner in order to sneak malware onto unsuspecting users’ devices. Earlier this month Google removed a rooting Trojan, Dvmap, from Google Play that was disguised as a puzzle game. If downloaded, the app could have rooted Android devices and injected malicious code into an infected device’s system.
The two apps that Google removed more recently, Magic Browser, and Noise Detector, were vehicles for the Ztorg Trojan, Kaspersky claims.
The more successful of the two apps, Magic Browser, mimicked the Google’s Chrome browser. It was installed 50,000 times after it was uploaded on May 15, but never was updated according to Roman Unuchek, a senior malware analyst with Kaspersky Lab an Android malware specialist who discovered the apps.
Instead it appears the attacker bided his time, choosing to update the app on and off, with clean, then malicious content. That likely afforded attackers the option to make money, via Ztorg’s SMS functionality, before actually rooting the devices.
Unuchek says that if the app hadn’t been removed from Play, publishing the rooting malware likely would have been the attackers’ next step. Adding this functionality could have also been what alerted Google to the Trojan’s presence, the researcher adds.
Once deployed, Ztorg Trojans traditionally collect information about the device, send it along to the attacker’s command and control server, and get to work doing the cybercriminals’ bidding. Attackers can leverage Ztorg’s SMS functionality to carry out a handful of tasks, including sending premium rate SMS messages, deleting incoming SMS messages, and switching off sound, Unuchek points out.
The concept of Android Trojans sending premium SMS messages is almost as old as Android malware itself; the technique has long been a way for cybercriminals to make quick, easy money.
As you know, the battle against hackers is a long and difficult fight. An attacker just requires one vulnerability to break in and you need to find all of them to keep them out. While this may seem like a daunting, if not an impossible task, with the help of Key CDN, we have some tips, technique, and advice for keeping the bad guys out. Head over to our blog to learn more about protection against malicious apps and implementing a security web app plan here.