Google said it had prevented more than 2.36 million Android policies from policies from being published on the Google Play applications market in 2024 and prohibited more than 158,000 accounts of bad developers who tried to publish such harmful applications.
The technology giant also noted that it prevented 1.3 million applications from obtaining excessive or unnecessary access to sensitive user data during the period by working with third -party application developers.
In addition, Google Play Protect, a Safety characteristic This is activated by default on Android devices to report new threats, has identified 13 million new malware from the outside of the official App Store.
“Following a partnership in close collaboration with developers, more than 91% of application installations on Google Play Store now use the latest Android 13 or more recent protections”, Bethel Otuteye and Khawaja Shams ‘Android team Security and Confidential, and Ron Aquino by Google Play Trust and Safety said.
In comparison, the company blocked 1.43 million respectively and 2.28 million risky applications to be published at the Play Store in 2022 and 2023.
Google has also said that the use of developers in Integrity game API – which allows them to verify whether their applications have been modified in a maliciously or operate in potentially compromised environments – has seen a use of 80% of their applications from undelicated and unreliable sources on average.
In addition, business efforts to automatically block the elevation of potentially dangerous applications on markets such as Brazil, Hong Kong, India, Kenya, Nigeria, the Philippines, Singapore, Africa From the south, Thailand and Vietnam have obtained 10 million aircraft, compared to 36 million at least 36 million risk at risk at risk, covering more than 200,000 unique applications.
Completing these initiatives, Google announced this week that it introduced a new “verified” badge for consumer -oriented VPN applications which have successfully completed an assessment of mobile applications (MASA). Google initially unveiled this plan in November 2023.
“This new badge is designed to highlight the applications that favor confidentiality and safety of users, help users make more enlightened choices on VPN applications they use and strengthen confidence in the applications they download “, he said.
If anything, the results show that the protection of the Android and Google Play ecosystem is a continuous effort, because new strains of malware continue to find their way to mobile devices.
The most recent example is Tria Stealer, which was mainly found targeting Android users in Malaysia and Brunei. The campaign has been underway since at least March 2024.
Distributed via personal and group cats in Telegram and WhatsApp in the form of APK files, malware requires sensitive authorizations that allow the harvest of a wide range of data from applications like Gmail, Google Messages, Microsoft Outlook , Samsung messages, WhatsApp, Whatsapp Affaires and Yahoo! Mail.
There is evidence suggesting that malware is the work of an Indonesian threat player, due to the presence of artifacts written in the Indonesian language and the name of the telegram robots used to host command and control (C2) (C2) Servers.
“Trialer Stealer collects the SMS data from the victims, follows call newspapers, messages (for example, from WhatsApp and WhatsApp Business) and data by e-mail (for example, Gmail and Outlook mailboxes)) “, Kaspersky said. “TIA Stealer exfiltrates the data by sending it to various telegrams robots using the API Telegram for communication.”
The stolen information is then used to divert personal messaging accounts such as WhatsApp and Telegram, and usurp the identity of the victims in order to request money transfers to their contacts to bank accounts under their control, and perpetuate more The scam by distributing the APK file based on malware APK. to all their family and friends.
The fact that Tria Stealer is also able to extract SMS indicates that operators can also use malware to steal punctual passwords (OTP), potentially granting them access to various online services, including Bank accounts.
Kaspersky said that the campaign presents certain similarities with another cluster of activities that distributed part of malicious software nicknamed Udangasteal in 2023 and at the beginning of 2024 targeting Indonesian and Indian victims using the wedding invitation, delivery of packages and customer support lures. However, there is no evidence at this stage to link the two families of malicious software to the same threat actor.
