'Guerrilla', el malware que burla Google Play


'Guerrilla', el malware que burla Google Play




This fake application allows cyber attackers to carry out suspicious promotion campaigns using infected devices to download apps



   Experts from Kaspersky Lab have discovered an Android Trojan called 'Guerrilla', which tries to overcome the anti-fraud protection mechanisms of the Google Play store through a fraudulent application that behaves as if there was a person behind it.

This fake application allows cyber-attackers to carry out suspicious promotion campaigns using infected devices to download, install, vote and comment on publications on Google Play. However, this malware is not only capable of abusing the mechanisms of infected devices.

   With millions of users and software developers, Google Play is an attractive platform for cybercriminals. Among other things, cybercriminals use Google Play to carry out the so-called Shuabang campaigns, which are widespread in China.

These fraudulent advertising activities are aimed at promoting some legitimate applications by granting higher ratings, increasing their downloads and posting positive comments about them on Google Play.

Many of these applications used to carry out these campaigns, in general, pose no threat to the user of the infected device such as data or money theft. However, they can do much more damage: the ability to download additional applications onto infected devices places an extra burden on Internet traffic, and, in some cases, Shuabang applications are able to secretly install free programs and even payment, in addition to using the bank card associated with the Google Play user account.

Fraudulent accounts

To carry out these activities, cybercriminals created numerous fake accounts on Google Play or infected user devices with special malware capable of covert actions on this platform based on the orders received from hackers.

Although Google has strong protection mechanisms that help detect and block fake users to prevent fraudulent operations, the authors of the Guerrilla Trojan seem to be trying to overcome these protections.

The Trojan is introduced into the device through the Leech rootkit, a malware that gives cyber attackers user privileges on the infected device. These privileges give cybercriminals unlimited opportunities to manipulate device data.

Among other things, it allows access to the user name, passwords and authentication tokens, which are required to communicate with applications of official Google services and inaccessible for normal applications on non-rooted devices. After installation, the Guerrilla Trojan uses the data to communicate with the Google Play store as if it were a real application.

Comments

Post a Comment

Popular posts from this blog

How to share what you hear on Spotify in your Instagram Stories

Image
How to share what you hear on Spotify in your Instagram Stories The followers can automatically listen to the song that appears in the image uploaded by the user Until now, Instagram users who wanted to show the music they were listening to in their Stories made a screenshot. To end this homemade way of teaching the world our musical tastes in Spotify, both companies have been integrated. From now on, users can share what is being heard on Spotify and that their followers not only see the title, but that they can also listen to that song automatically. The option is available as of this Thursday for iOS and Android devices. Steps to share music: 1- Through the new option of 'Share', when you are listening to a song on Spotify that you want to share with followers you have to press 'Instagram Stories' from the share menu and the app will unlock personalized stickers with the cover to each song, álmbul, playlist or artist. 2- It is not necessary to connect the accounts be...
Read more

The EU wants WhatsApp to tighten its privacy policy

Image
The EU wants WhatsApp to tighten its privacy policy Although 92% of Europeans consider it important to maintain the confidentiality of their mail, the current directive only applies to traditional operators   The European Commission (EC) has proposed today a greater protection of privacy when using applications such as WhatsApp or Skype, which allow you to send messages or make voice calls, to equate it with the one that already applies to traditional telecommunications operators . "We want to build trust in the digital single market that people expect," said the EU's vice president for the Digital Single Market, Andrus Ansip, who presented the initiative at a press conference.   Up to 92% of Europeans consider it important to maintain the confidentiality of their mail or electronic messages, although the current privacy directive only applies to traditional operators, recalled the EC. Therefore, the Commission proposes that the privacy regulations also cover new provider...
Read more

Mini solar panels, the next challenge in medical devices

Image
Mini solar panels, the next challenge in medical devices The first tests have gotten energy to keep a pacemaker running   The skin can be a large solar panel that can power future medical electronic devices, according to the Annals of Biomedical Engineering. On January 3, this specialized publication showed a series of mini solar panels the size of a seal capable of transmitting electricity once implanted under the skin. The six-month investigation, which involved tests on more than 32 volunteers, revealed that these small devices are capable of generating power to operate pacemakers and other similar devices that require bulky batteries.   Participants who used the device for a week in the summer, fall and winter, while going about their daily routines. According to the data released by the researchers, the energy generated was an average of 5-10 microwatts higher than that required by a standard pacemaker. In the new study, sunlight and artificial light energize the panels, ...
Read more