Google has launched a new pilot program to fight financial fraud by blocking the sideloading of Android APK files that request access to risky permissions.
An APK is a file format used to distribute Android apps for installation in the operating system.
These files are commonly distributed through third-party sites, allowing you to install apps outside of Google Play.
As these external sites do not review the apps for malicious behavior, they can include malware, spyware, and other threats.
Because uploading malicious apps to Google Play is complex and difficult, threat actors resort to social engineering, using various lures to convince targets to download malicious apps from external, unvetted sources.
These APKs can trick victims into disclosing sensitive personal and financial information, allowing threat actors to conduct financial fraud.
Google says that throughout 2023, scams on the Android platform cost users over $1 trillion in losses, with 78% of the surveyed users reporting at least one scam attempt.
In October 2023, Google Play Protect received a new security feature that performs real-time scanning of APKs downloaded from third-party app stores and websites.
Google says this feature has identified 515,000 unwanted apps and warned about or blocked 3.1 million installations.
RECEIVE SMS - Attackers use this to intercept one-time passwords or authentication codes sent via SMS, enabling unauthorized access to victims' accounts.
READ SMS - Abused by attackers to read sensitive information, such as OTPs, banking messages, or personal communications, without the user's knowledge.
BIND Notifications - Attackers exploit this to read or dismiss notifications from legitimate apps, including security alerts or OTP notifications, potentially without the user noticing.
Accessibility - This permission, meant to assist users with disabilities, gives a malicious app broad access to control the device and its functions.
Attackers abuse it to monitor the user's actions, retrieve sensitive data, input keystrokes, and execute commands remotely, often leading to complete device compromise.
BleepingComputer has asked Google about its plans to roll out this new protection feature to the rest of the world, and we will update this post as soon as we know more.
Android users are advised to avoid APK downloads as much as possible, scrutinize permissions requested during app installation, and run Play Protect scans regularly.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 07 Feb 2024 19:00:27 +0000