Google has removed a rogue app from Google Play posing as a news app, but in reality it was a backdoor. The app used the name 'BeNews "of the now vanished news site with the same name, to look legitimate, say researchers at the Japanese anti-virus company Trend Micro . The researchers discovered the app in the data that was stolen by the Italian Hacking Team.
The app seems to have been developed in order to circumvent the monitoring of the Play Store. To protect Android users Google checks the content of applications for malicious code. Initially, the app asks for three permissions. Via dynamic loading technology, the app can also download and execute code from the Internet. The downloaded code will not be loaded when Google carries out the checks, but only when the app is used by a victim. The app can then use an exploit to increase its rights on the device. The exploit works on Android version 2.2 to 4.4.
In the stolen data, the researchers found also the source code of the backdoor and the server that can be used to communicate with contaminated devices. Trend Micro believes Hacking Team offered the app to customers, but there is no evidence. The app on Google Play downloaded between 10 and 50 times before it was removed by Google. The developer of the app on the Play Store has placed no other apps in the App Store Google. Google Plus account by this developer also contains no further information except a link to a "testing" area of the app on Google Play.
No comments:
Post a Comment