Martijn Lammerts
My own digital place with a little of everything

Various Google Play “Beauty Camera” Apps Sends Users Pornographic Content, Redirects Them to Phishing Websites and Collects Their Pictures

We discovered several beauty camera apps (detected as AndroidOS_BadCamera.HRX) on Google Play that are capable of accessing remote ad configuration servers that can be used for malicious purposes. Some of these have already been downloaded millions of times, which is unsurprising given the popularity of these kinds of apps.


Android Wallpaper Apps Found Running Ad Fraud Scheme

We analyzed 15 malicious wallpaper apps that we found on the Google Play Store running click ad fraud schemes. The apps recorded over 200,000 downloads worldwide before they were removed; our telemetry shows infection to be the highest in some countries in Europe, the US, and Asia.


Fake Voice Apps on Google Play, Botnet Likely in Development

Several apps on Google Play posing as legitimate voice messenger platforms have automated functions such as fake survey pop-ups and fraudulent ad clicks. The observed variants have been deployed one by one since October, and their evolution includes evasive techniques, infection behavior divided into several stages, and botnet code possibly indicative of future attacks.


Perl-Based Shellbot Looks to Target Organizations via C&C

We uncovered an operation of a hacking group, which we’re naming “Outlaw” (translation derived from the Romanian word haiduc, the hacking tool the group primarily uses), involving the use of an IRC bot built with the help of Perl Shellbot. The group distributes the bot by exploiting a common command injection vulnerability on internet of things (IoT) devices and Linux servers. Further research indicates that the threat can also affect Windows-based environments and even Android devices.


Android Ad-Fraud Scheme

BuzzFeed is reporting on a scheme where fraudsters buy legitimate Android apps, track users' behavior in order to mimic it in a way that evades bot detectors, and then use bots to perpetuate an ad-fraud scheme. After being provided with a list of the apps and websites connected to the scheme, Google investigated and found that dozens of the apps...

Google Tracks its Users Even if They Opt-Out of Tracking

Google is tracking you, even if you turn off tracking: Google says that will prevent the company from remembering where you've been. Google's support page on the subject states: "You can turn off Location History at any time. With Location History off, the places you go are no longer stored." That isn't true. Even with Location History paused, some Google...

Open ADB Ports Being Exploited to Spread Possible Satori Variant in Android Devices

Recently, we found a new exploit using port 5555 after detecting two suspicious spikes in activity on July 9-10 and July 15. In this scenario, the activity involves the command line utility called Android Debug Bridge (ADB), a part of the Android SDK that handles communication between devices and also allows developers to run and debug apps on Android devices.
