The Skinner adware rears its ugly head on Google Play

 
A new member of the ever growing adware-found-on-Google-Play-list has been found. Previous members include Viking Horde, DressCode and CallJam, among many others. The malware, dubbed "Skinner", was embedded inside an app which provides game related features. The app was downloaded by over 10,000 users, and managed to hide on Google Play for over two months. Skinner tracks the user's location and actions, and can execute code from its Command and Control server without the user's permission. The app was removed from the play store after we contacted the Google security team. While Adware are a common threat to users, Skinner displayed new elaborate tactics used to evade detection and ...

In The Wild: Mobile Malware Implements New Features

 
Malware developers just won’t stand still. They continue developing malware as they go, sometimes to adapt to the changing threat landscape, and sometimes simply to improve their capabilities. Recently, two examples of such advancements presented themselves, one in Triada’s code and one in Viking Horde’s. Triada’s Trident is Getting Stronger As if the original malware wasn’t bad enough, Triada has now received a dangerous update. Triada’s main purpose is to steal money transferred over SMS messages as part of in-app purchases. The malware does so by leveraging its system level malicious compromise to highjack the raw SMS data (PDU) and send it directly to its C&C ...

In The Wild: Never a Dull Moment with Mobile Malware

 
Mobile malware learns fast. Every time new security measures come along, malware somehow manages to find a way to overcome them. This week we bring you such a story, with further details about Viking Horde, a botnet found by Check Point on Google Play. The malware is capable of bypassing even Android’s latest OS security mechanisms. Meet the Vikings: Part III The Check Point research team uncovered a new Android malware campaign on Google Play it calls Viking Horde. Viking Horde conducts ad fraud, but can also be a launchpad for attacks like DDoS, spam messages, and more. Viking Horde managed to bypass Google Play malware scans masquerading as five different apps so far. The research ...

In The Wild: Malware in Google Play is as Prevalent and Pesky as Ever

 
Not a week passes without new malware found on Google Play and this week was no different. Among the malware found are both new and old samples, including a known malicious banker and a new type of malware making its first appearance on Google Play. Also, Google has patched more vulnerabilities, which is no coincidence since we’ve come to expect frequent security patches and malware discoveries because of the frail security Android provides. Using Wi-Fi to Hack Into Your Device Among the various security patches recently released by Google, one, in particular, catches the eye. The vulnerability allowed attackers to elevate privileges or even to target a device with a Denial-of-Service ...

Viking Horde: A New Type of Android Malware on Google Play

 
The Check Point research team uncovered a new Android malware campaign on Google Play it calls Viking Horde. Viking Horde conducts ad fraud, but can also be used for other attack purposes such as DDoS attacks, spam messages, and more. At least five instances of Viking Horde managed to bypass Google Play malware scans so far. Check Point notified Google about the malware on May 5, 2016. On all devices -- rooted or not -- Viking Horde creates a botnet that uses proxied IP addresses to disguise ad clicks, generating revenue for the attacker. A botnet is a group of devices controlled by hackers without the knowledge of their owners. The bots are used for various reasons based on the ...