Google should strengthen security measures.
The Android-based smartphones are increasingly becoming victims of viruses of droppers that are integrated in the application from the official Google Play Store. The situation is complicated by the fact that the droppers are not able to identify any security service Google or a modern antivirus.
In the age of information technology, even the most advanced users of gadgets have long remembered a simple guide — if you don’t want to catch a virus, you cannot use unverified sources. Unfortunately, hacking technology is not standing still, and now owners of Android smartphones at risk of infection even after downloading from the official Google Play Store, according to the portal Bleeping Computer.
If you take into account that Android devices use about 80% of the population, the scale of the problem becomes much more dangerous. And cause mass infections are the special viruses, called droppers (from the English. dropper — the “release gear”).
Droppers are those malicious programs that secretly infect a device other viruses hidden in the body of the dropper.
This method of infection takes place in several stages and are poorly recognized by protective programs. As told “Газете.Ru” head of Department of technical support products and services of ESET Russia Sergey Kuznetsov, droppers, unlike the classic viruses, by themselves, are not destructive or malicious activities but are an integral part of the initial stages of many viral attacks.
“The dropper behaves like a normal SOFTWARE interacts with the user, performs the claimed function, but besides this, is their code of “payload”. Usually, this payload is encrypted and cannot be detected at the stage of standard antivirus test file. After the launch of the dropper, the payload is extracted in separate file (resets). Hence the name of this virus family. In addition, the dropper can be used for masking malicious code, which further complicates detection,” — said the expert.
Recently droppers is widespread because users often do not know that their smartphone got infected with a Trojan. In addition, the dropper to pick up any person that downloads the app from the Play store.
When the virus is integrated into a mobile application and is approved in the Play Store, protective Google not see it as a threat and put the program in the store.
The situation is complicated by the fact that smartphones are rarely equipped with a modern anti-virus programs that could timely detect the threat. In addition, according to researchers at Avast Threat Labs, some of the gadgets based on Android, have not passed mandatory certification of Google, come with droppers already pre-installed inside.
The trick with droppers is often used to install banking Trojans.
According to security researchers, the number of infections with the help of droppers started to rise in may 2017.
The last major surge was recorded in January 2018 — then the malware Exobot spread among users in Austria, the UK, the Netherlands and Turkey who have downloaded infected apps in Google Play. Bank Trojans attacking mobile banking applications, getting the card data of the user and draining money from his account.
According to the technical Director of Check Point Software Technologies Nikita Durov, in June of 2018 was recorded, visokoi activity loader Dorkbot, which affected 7% of organizations around the world and climbed from eighth to third place in the list of the most active malware on the version of Check Point. Dorkbot remotely executes the code via operator and also downloads additional malware to the already infected system. The main goal of the malware is hunting for critical information and launch DDoS attacks.
Users of Apple devices can feel a little more protected from viruses droppers, because the App Store imposes more stringent requirements on the applications and conducts a more thorough check before allowing the program to the store. In addition, Apple does not allow iOS to download, install and run any code that would do well to learn from their competitors from Google.
In the fight with droppers Google launched the service Protect Play that constantly scans apps in the official app store for suspicious activity. However, the expert Heten van Demien of ThreatFabric, considers this measure to be ineffective.
“Application droppers extremely difficult to calculate. As you can guess, the attackers put a lot of effort to avoid being disclosed,” said van Demien.
According to experts, Google should strengthen security measures and conduct more detailed tests at the stage of admission of the application to the store, as online you can find a large amount of information about the droppers, which would help the company easily recognize the threat.
“Interestingly, we are seeing many anti-virus software also does not cope with the detection of droppers. This means that the issue should be publicly discussed in order to raise awareness,” concluded van Demien.
While absolute protection from the droppers had not yet been invented, experts advise to observe the three main recommendations is to use current antivirus software, to install applications only from the official developer website or from the official stores, and when booting to see the feedback and reputation of the application.
© 2018, paradox. All rights reserved.
