Malicious Android apps that have been previously reported to Google are showing up again on the company's marquee Play Store with new names, security researchers are reporting. BleepingComputer: Seven of these apps have been "rediscovered," said Symantec in a report published yesterday. The company's experts say the author of the original malicious apps didn't do anything special, but only changed the apps' names, without making modifications to the code, and re-uploaded the apps on the Play Store from a new developer account under a new name. Symantec says it detected seven of these re-uploaded apps on the Play Store, which it re-reported to Google's security team and had them taken down again.

    by postbigbang ( 761081 ) on Friday May 11, 2018 @02:02PM (#56597036)

    If there is an actual vetting process, it's a joke. So much for diligence, trustworthiness, and looking out for the security of their Android users, who dominate worldwide consumers of their "product".

      by Zocalo ( 252965 )
      They failed at an even simpler level than that. They could have just kept checksums of the code objects in known malicious apps and automatically removed any other apps that match that checksum, either already in the store or on upload, just like even the most basic antivirus software tech was doing over two decades ago. Or perhaps they simply just didn't expect that malware coders would be equally lazy/clueless and not bother to include some random salt or other obfuscation in their files to mess up atte

        by Psion ( 2244 )
        That's ridiculously easy to spoof. Just add a few lines of orphaned code that does nothing to change the app's function and it will have a totally different checksum.

          by Zocalo ( 252965 ) on Friday May 11, 2018 @02:54PM (#56597326) Homepage
          Of course it's ridiculously easy to spoof - I even said how you'd do it in my post - and that's my point; Google are apparently not even doing the kind of basic checks that early AV software was doing in the late 1990's, let alone the kind of modern heuristical scanning that current AV tools use, which is what I'd have expected them to be doing. It's well known in security circles that most malware writers re-use a lot of common code libraries and other "kits" from the darknet and other forums that they then modify to suit, so that Google hasn't successfully automated that kind of scanning on app submission to their own store beggars belief, especially given the number of well regarded security experts they have on their payroll.
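
The check debated in the comments above, as an added example that is not part of the thread or of any store's actual pipeline: hashing the code objects inside an upload catches a rename-only resubmission that a whole-file hash misses, and stops matching as soon as the code bytes change. The app labels, dex bytes and helper names are constructed for illustration.

```python
import hashlib
import io
import zipfile


def build_apk(label: str, dex: bytes) -> bytes:
    """Build a minimal APK-shaped zip in memory (constructed sample, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", f"<manifest label='{label}'/>")
        z.writestr("classes.dex", dex)
    return buf.getvalue()


def code_hashes(apk: bytes) -> set:
    """SHA-256 of every .dex code object in the archive, ignoring name and manifest."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        return {hashlib.sha256(z.read(n)).hexdigest()
                for n in z.namelist() if n.endswith(".dex")}


def is_known_bad(apk: bytes, blocklist: set) -> bool:
    """True when any code object matches a hash taken from a previously removed app."""
    return bool(code_hashes(apk) & blocklist)


# Constructed inputs: the same stand-in code under two labels, a padded copy, a benign app.
DEX = b"dex\n035\x00" + b"constructed stand-in for previously reported code"
ORIGINAL = build_apk("Flashlight Pro", DEX)
RENAMED = build_apk("Super Torch", DEX)           # new name, identical code
PADDED = build_apk("Super Torch", DEX + b"\x00")  # code bytes changed by one byte
BENIGN = build_apk("Notes", b"dex\n035\x00unrelated code")
BLOCKLIST = code_hashes(ORIGINAL)                 # recorded at first takedown

if __name__ == "__main__":
    for name, apk in [("renamed", RENAMED), ("padded", PADDED), ("benign", BENIGN)]:
        print(f"{name:8s} known_bad={is_known_bad(apk, BLOCKLIST)}")
```

The padded case is why exact hashes are only a first filter for unmodified resubmissions; catching modified copies needs similarity or behavioural analysis on top.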
  • With AI available, how is it possible that a multi-billion dollar system is fooled by changing a string in the app name? Doesn't the AI detect that? The humans did. Very puzzling.

    by dryriver ( 1010635 ) on Friday May 11, 2018 @02:12PM (#56597102)
    YOU are the malicious app in the "Play Store". But more seriously - if you are smart enough to create an Android App, why bother with hacking/phishing/scamming at all? Build something useful and sell it as every other decent programmer would. Make money honorably. A lot of the malware, malicious apps, hacking tools and similar originates in Eastern Europe and Russia these days. And it's all built by decently smart people who can actually program a computer. So the question one more time: If you are smart enough to scam, aren't you smart enough to create something legit and make your money that way? Without ruining somebody else's life or breaking all sorts of laws in the process? But it seems that the computing culture in EE/RU is all about doing what should not be done. The internet is one great big sea of credit cards, bank accounts, social security numbers, gullible consumers to these people. The sad thing is that they are ruining the region's future in legit software as well. If some smart people in Russia someday made a great OS that can compete with Windows or Linux, would anybody in their right mind actually use it? Would you install a Russian OS on even a single computer in your company? THAT is what these people are doing to their future. Even if a decade from now the culture changes and they start building legit stuff, nobody is going to use it. Because it came from Eastern Europe and Russia.

