Experts explained how Android malware penetrates the Google Play Store.

Despite all the security measures Google takes, malicious Android applications still manage to get into the official Play Store. Bitdefender specialists decided to describe the methods that help attackers bypass those protective measures and explain exactly how Android malware penetrates the Google Play Store.

Malicious applications can take many forms. For example, adware can be "tied" to a legitimate program, generating clicks that let its authors earn money.

There are also complex trojans like Joker, which not only get through the security layers of the Google Play Store but also end up installed on the devices of hundreds of thousands of users.

In addition, there are fake applications that hide their malicious functionality and wait until the user lets their guard down.

"Researchers recently analyzed 25 apps that made it into Google Play, at least for a time, packing aggressive adware SDKs that bombarded users with ads and avoided removal by hiding their presence. Cumulatively, the apps were apparently downloaded almost 700,000 times by Google Play users. While Google has gone to great lengths to ban malicious or potentially unwanted applications from the official Android app store, malware developers are nothing if not imaginative when coming up with new ideas to dodge Google Play Protect," Bitdefender researchers write.

Of course, Google constantly works on barriers meant to keep unwanted programs out of the official app store. However, resourceful attackers still invent mechanisms to get their creations onto the Play Store.

Bitdefender researchers have published a report (PDF) listing the main methods of penetrating the Google Play Store.

Malicious features are encrypted and loaded dynamically. One way to mask a malicious component is to rely on a native dynamic library that is loaded on first start. Its task is to decrypt and load the malicious code, so the code that Google Play inspects at submission time does not contain it in the clear.

Checking time intervals. This is an interesting technique: a hard-coded timestamp tells the adware when to start displaying advertisements. It solves two problems for the attacker at once: the application passes the Google Play Store review while still dormant, and the user cannot immediately work out what caused the intrusive advertising to appear.


Large gaps between advertisements. Sometimes the authors configure a delay of up to 350 minutes between ad displays. According to the experts, this is enough to circumvent the protective measures of the official Android app store.

Open source libraries. Such libraries can be used to run tasks in the background. With their help, the adware can display ads and use functions like "ShowAdsHideIcon", which hides the application's icon so the user cannot easily find and remove it.

Initially harmless SDK. A well-known technique: an attacker uploads a completely legitimate version of the application to the Play Store and then adds malicious functions to it later through the update mechanism.
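The techniques above translate into static indicators an analyst can look for in a decompiled APK: a native loader paired with decryption and class-loading code, hard-coded timestamps that lie in the future relative to the analysis, suspiciously large delay constants, and icon-hiding API calls. The script below is an added example written for this article, not code from Bitdefender or from their report. The string samples are constructed for illustration, the thresholds (one hour for a "large delay", 2014-2039 for plausible epoch values) are this example's assumptions, and the `new_since` helper shows how re-running the same triage on each update catches the "initially harmless SDK" case. The Android API names it matches (`System.loadLibrary`, `setComponentEnabledSetting`, `COMPONENT_ENABLED_STATE_DISABLED`, `DexClassLoader`) are real, but treating them as suspicious only in combination is a heuristic of this example.

```python
"""Heuristic triage of strings extracted from a decompiled Android APK.

Added example for the evasion techniques described in the article.
Input is a list of strings as a tool like apktool or strings(1) would
produce; the samples below are constructed, not taken from a real app.
"""
import re
from datetime import datetime, timezone

# Constructed sample: what a dormant adware build might look like.
SUSPICIOUS_DEX_STRINGS = [
    "Lcom/example/sdk/Loader;->init()V",
    "System.loadLibrary",             # native loader run on first start
    "javax.crypto.Cipher",            # decrypts the payload before loading it
    "dalvik/system/DexClassLoader",   # loads the decrypted code at runtime
    "const-wide v0, 1893456000000L",  # 2030-01-01T00:00:00Z in ms: activation date
    "const v1, 21000000",             # 350 minutes in ms: gap between ads
    "setComponentEnabledSetting",     # used with the constant below to hide the icon
    "COMPONENT_ENABLED_STATE_DISABLED",
]

# Constructed sample: an ordinary, clean build of the same app.
BENIGN_DEX_STRINGS = [
    "Lcom/example/notes/MainActivity;->onCreate",
    "const v1, 1000",
    "Saved note",
]

# Indicator sets (assumed groupings for this example).
NATIVE_LOADERS = {"System.loadLibrary", "System.load"}
DECRYPT_AND_LOAD = {"javax.crypto.Cipher", "dalvik/system/DexClassLoader"}
ICON_HIDING = {"setComponentEnabledSetting",
               "COMPONENT_ENABLED_STATE_DISABLED", "ShowAdsHideIcon"}

INT_LITERAL = re.compile(r"\b(\d{7,})L?\b")   # integer literals of 7+ digits
LARGE_DELAY_MS = 60 * 60 * 1000              # assumed threshold: one hour

# Reference analysis times used by the usage below (assumed values).
ANALYSIS_TIME_2020 = datetime(2020, 1, 1, tzinfo=timezone.utc)
ANALYSIS_TIME_2031 = datetime(2031, 1, 1, tzinfo=timezone.utc)


def classify_literal(value, analysis_time):
    """Map a large integer literal to a finding, or None if unremarkable."""
    if 1_400_000_000 <= value < 2_200_000_000:             # epoch seconds
        when = datetime.fromtimestamp(value, tz=timezone.utc)
    elif 1_400_000_000_000 <= value < 2_200_000_000_000:   # epoch milliseconds
        when = datetime.fromtimestamp(value / 1000, tz=timezone.utc)
    else:
        when = None
    if when is not None:
        # A timestamp still in the future at analysis time is the
        # "start showing ads later" pattern; past ones are not reported.
        return f"future-timestamp:{when.date()}" if when > analysis_time else None
    if LARGE_DELAY_MS <= value < 1_400_000_000:
        return f"large-delay:{value // 60000}min"
    return None


def triage(strings, analysis_time):
    """Return a sorted list of indicator names found in the string set."""
    present = set(strings)
    findings = set()
    if present & NATIVE_LOADERS and present & DECRYPT_AND_LOAD:
        findings.add("native-decrypt-loader")
    if present & ICON_HIDING:
        findings.add("hide-icon")
    for s in strings:
        for match in INT_LITERAL.finditer(s):
            finding = classify_literal(int(match.group(1)), analysis_time)
            if finding:
                findings.add(finding)
    return sorted(findings)


def new_since(previous_findings, current_findings):
    """Indicators that appeared in an update but not in the earlier version."""
    return sorted(set(current_findings) - set(previous_findings))


if __name__ == "__main__":
    before = triage(BENIGN_DEX_STRINGS, ANALYSIS_TIME_2020)
    after = triage(SUSPICIOUS_DEX_STRINGS, ANALYSIS_TIME_2020)
    print("clean build:", before)
    print("updated build:", after)
    print("added by update:", new_since(before, after))
```

Running the script against the constructed samples reports nothing for the clean build and four indicators for the updated one; re-running the triage with a 2031 analysis date drops the timestamp finding, which is exactly why the analysis date should be recorded alongside the result.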

Conclusion

Experts urge users to always remember that downloading an application, even from the official store, carries some risk. So check what you are downloading, and consider whether each doubtful program really needs to be installed at all.

About the author

Valdis Kok

Security engineer, reverse engineering and memory forensics
