
Google Confirms Play Store App DeletionWhat You Do Now
www.forbes.com
Another day, another Play Store deletion.NurPhoto via Getty ImagesRepublished on March 15th with a new report highlighting dangerous apps.What a week for Play Store. Google has been busy with its delete button, with multiple threats sneaking their way inside Androids best secured app vault. Not a good look. And all this has come hot on the tail of the latest warning that Android is under attack.First came an ad fraud scheme leading to the deletion of 180 apps with 56 million downloads, then another dangerous Anatsa/Teabot trojan ejected from the store, we have even fake Play Store pages tricking users into high-risk installs.Now another threat has been outed, with Google confirming all the newly identified apps hiding a nasty new spyware have also been ousted from Play Store. This latest warning came courtesy of Lookout, which attributed the new KoSpy malware to the North Korean group APT37 [ScarCruft].The team says the spyware can collect extensive data, such as SMS messages, call logs, location, files, audio, and screenshots. Its a North Korean team effort with evidence of infrastructure being shared with APT43 [Kimsuky]The new malware attacks both English and Korean speakers, and seemingly dates back at least to early 2022 and is still in the wild now. KoSpy has been observed using fake utility application lures, such as File Manager, Software Update Utility and Kakao Security, to infect devices. The spyware comes with an impressive list of capabilities:"Collecting SMS messagesCollecting call logsRetrieving device locationAccessing files and folders on the local storageRecording audio and taking photos with the camerasCapturing screenshots or recording the screen while in useRecording key strokes by abusing accessibility servicesCollecting wifi network detailsCompiling a list of installed applications."While none of the identified apps remain on Play Store, they will be available elsewhere. KoSpy samples in Lookouts corpus masquerade as five different apps: (Phone Manager), File Manager, (Smart Manager), (Kakao Security) and Software Update Utility. If any are on your phone, delete them now."Play Store spyware appLookoutAs well as KoSpy, you should remove any of the ad fraud and Anatsa apps (per links above), which Google has also confirmed have been deleted from the store. You should also ensure Googles Play Protect is enabled at all times on your device.In response to Lookouts report, Google told me the use of regional language suggests this was intended as targeted malware. Before any user installations, the latest malware sample discovered in March 2024 was removed from Google Play. Google Play Protect automatically protects Android users from known versions of this malware on devices with Google Play Services, even when apps come from sources outside of Play.Google is updating Play Protect to make it easier to pause its defenses to facilitate sideloading. As this new warning clearly illustrates, you should never do this unless youre absolutely sure of the legitimacy of the app youre installing and the source. As Ive warned before, sideloading itself puts you at risk and this new option is dangerous and needs handling with care. Youre driving at speed, but removing your seatbelt.A timely new report from UCL in London has just warned that some unofficial parental control apps have excessive access to personal data and hide their presence, raising concerns about their potential for unethical surveillance as well as domestic abuse, highlighting that sideloaded apps are much riskier than those on Play Store.The new study is the first to compare official parental control apps available in the Google Play Store and sideloaded or unofficial parental control apps available from other sources The team found that sideloaded apps were more likely to hide their presence from the phone user [and] require excessive permissions, including dangerous permissions such as being able to access personal data, like precise user location, at all times. None of which should come as a surprise.This is just the latest report to highlight sideloading risks, which Google itself warns is dangerous. Whats interesting here is that parental control apps by their nature will ask for excessive permissions to operate. Its a boon for data harvesters to be able to operate in this way on your phone. But for apps in such a sensitive area to be able to lure users into installing, potentially disabling Play Protect in the process, is dangerous.Google has long promised to eradicate such abuse, removing these apps from Play Store and monitoring on-device behavior. But all this remains work in progress. Multiple warnings last year highlighted just how rife such Play Store abuse remains.
0 Comments
·0 Shares
·47 Views