this post was submitted on 02 Jun 2024
407 points (89.7% liked)

Technology

70285 readers
3304 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
407
In case you missed it: Bank info-stealing malware found in 90+ Android apps with 5.5M installs (mashable.com)
submitted 11 months ago by [email protected] to c/[email protected]
104 comments fedilink hide all child comments
(page 2) 50 comments
sorted by: hot top controversial new old
[–] [email protected] 6 points 11 months ago (16 children)

Can't steal my bank info if I use cash only...

load more comments (16 replies)
[–] [email protected] 130 points 11 months ago* (last edited 11 months ago) (3 children)

Am I just missing it, or is there no list of of these infected apps on the posted article or the reference the article links to. To me, that is the most important information.

[–] [email protected] 19 points 11 months ago

Agreed. If this article didn’t contain a way to check the apps, that would be irritating

load more comments (2 replies)
[–] [email protected] 38 points 11 months ago (3 children)

As somebody who occasionally had to develop for android: the churn of improvements to app security was a huge pita. And as a user I know many of the abandoned apps that I liked that lost compatibility was for that reason.

So the fact that in spite of this pain, Android security still allows apps to do horrible crap like that is infuriating.

[–] [email protected] 22 points 11 months ago (2 children)

If you read the original report, it says that it basically just displays a fake banking login page. It also says that it requested accessibility service permissions, which makes me think maybe it brought up the fake login pages "in the right moment" (as in as users opened their banking apps) to make it more convincing, even though the article doesn't specify that.

Either way, IMO the problem here is clearly with the Play Store allowing this app in, and not with Android's security itself. These apps are misusing the accessibility service system, which is obviously necessary for a ton of important use cases (and of course also requires the user to grant very explicit permission). The fact that the accessibility services are a thing doesn't delegitimize Android's security improvements over the years.

load more comments (2 replies)
[–] [email protected] 8 points 11 months ago (2 children)

The app doesn't contain malware when it's uploaded to the play store. It forced an update after it's installed that contains the malware.

[–] [email protected] -1 points 11 months ago

So I could write an app that is okay on the Google store, then change it to steal people's information? Hmmm 🤔 that gives me an idea....hahh! Too many projects at the moment.

[–] [email protected] 9 points 11 months ago (2 children)

That's not what I mean. I'm not thinking about Play Store security, but Android OS security. Like, your app physically has to ask for permission (or even require the user manually change settings) to do most unsafe things.

[–] [email protected] 3 points 11 months ago (1 children)

Physically? So the dev has to come ask you in person?

load more comments (1 replies)
load more comments (1 replies)
load more comments (1 replies)
[–] [email protected] 28 points 11 months ago (1 children)

I got many apps installed. I don't keep in my memory what I have. How do I check that I don't have any from those compromised?

[–] [email protected] 18 points 11 months ago

Go to Settings and search for Google Play Protect. Tap Scan, and if it results in No harmful apps found, you're safe.

[–] [email protected] 30 points 11 months ago

From the actual report:

"Over the past few months, we identified and analyzed more than 90 malicious applications uploaded to the Google Play store. These malware-infected applications have collectively garnered over 5.5 million installs.

Recently, we noticed an increase in instances of the Anatsa malware (a.k.a. TeaBot). "

So not 5.5M installs of this specific malware, FWIW

[–] [email protected] 51 points 11 months ago (3 children)

Aren't apps on android hermetically sealed from other apps and malware. How could this be achieved ?

[–] [email protected] 37 points 11 months ago

Since the other reply was unhelpful: apps are supposed to have limited privileges and isolation from each other, yes... But the whole point of malware like this is that they figure out ways to break those restrictions and get escalated privileged.

You can get more technical detail from reading the report, in this case it looks like the app does not contain malware, but instead requests an update after install that contains the bad code and then breaks the app limitations and scans for the target banking applications and copies the security certificates.

load more comments (1 replies)
load more comments
view more: ‹ prev next ›