Security researchers have uncovered a batch of Google Play apps that stole users’ text messages and made unauthorized purchases on users’ dime.
The malware, which was hidden in eight apps that had more than 700,000 downloads, hijacked SMS message notifications and then made unauthorized purchases, McAfee mobile researchers Sang Ryol Ryu and Chanung Pak said Monday. McAfee is calling the malware Android/Etinu. The researchers said an investigation of the attacker-operated server that controlled infected devices showed it stores all kinds of data from users’ phones, including their mobile carrier, phone number, SMS messages, IP address, country, and network status.
<p>As users become more security conscious and fewer devices run older versions of Android, we\’re seeing threat actors pivot to find new ways to exploit these devices. Taking advantage of the Notification Listener is one clever pivot. Abusing Accessibility Services, downloading malicious payloads to previously clean applications, dynamically loading encrypted executables that masquerade as image assets – these are all additional ways malware authors have become more creative when faced with a shrinking Android vulnerability landscape. There are dozens of other examples, and we’re going to see this list continue to grow.</p>