September 9, 2015 By Douglas Bonderud 2 min read

While the Google Play store never garnered the AppStore’s reputation for security, Google Bouncer has evolved to the point where most apps up for sale are both clean and legitimate. According to SecurityWatch, however, a new malware variant is taking the fun out of downloading new applications: Infected apps carrying Android.Trojan.MKero.A have been spotted in the store and now come with the ability to avoid CAPTCHA security measures and launch a concealed subscription service. How do users stay safe?

CAPTCHA Conundrum

Sure, CAPTCHA isn’t perfect, but there’s a lot to recommend about the process since it screens out virtually any automated process trying to cross secure barriers. It’s also simply not worth attackers’ time to develop a code-based solution to replicate human image recognition. As noted by the Security Watch piece, however, it’s absolutely worth their time to leverage services like Antigate.com, which relies on users to recognize the characters in CAPTCHA images and send back the results. Packaged along with Android.Trojan.MKero.A, it’s possible for malicious actors to approve subscription-based SMS services on victims’ phones and start running up the charges; Bitdefener estimated that total financial losses could reach $250,000.

Of course, getting this malware onto phones means getting it into the Google Play store. Security experts still aren’t sure about the exact transport mechanism but speculate that code sophistication has now increased to the point where Bouncer is unable to tell the difference between legitimate offerings and aggressive Trojans. So far, apps that carry this Trojan have been downloaded hundreds of thousands of times. Worse still, they run completely silent on Android phones, meaning users won’t know they’ve been compromised until big bills start piling up.

No Safe Harbor for Google Play

With malware now sneaking into legitimate app stores, users can no longer rely on manufacturer-gated content to ensure safety. Bitdefender recommended running some type of mobile security solution to identify and report malicious apps, SecurityWatch reported. The problem here is tracking down the right service since some of these so-called security apps are actually malware in disguise or so poorly made that users are better off with no protection whatsoever.

Tech Republic recommended rebooting Android devices in Safe Mode if it becomes clear they’ve been compromised. This is easy: Just hold down the power button, select “Reboot to Safe Mode” and all third-party apps will be disabled, allowing users to purge them from the device.

As noted by Forbes, chipmakers like Qualcomm are also looking at ways to help safeguard devices with the new Snapdragon Smart Protect. Users running a Snapdragon processor get the benefit of active protection, which monitors app behavior and reports any suspicious events — for example, if a user’s screen is turned off but an app is trying to send an SMS message. This could be a sign of malicious activity, and the phone will wake and alert the user.

With Google Play no longer a safe harbor for app purchases, users need to take matters into their own hands. This could mean installing third-party protection apps, rebooting in safe mode or upgrading to a new processor with the hope that on-chip defenses will make up for CAPTCHA-cheating crooks.

More from

Black Friday Chaos: The Return of Gozi Malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America.The Black Friday connectionBlack Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity and often…

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Testing the limits of generative AI: How red teaming exposes vulnerabilities in AI models

4 min read - With generative artificial intelligence (gen AI) on the frontlines of information security, red teams play an essential role in identifying vulnerabilities that others can overlook.With the average cost of a data breach reaching an all-time high of $4.88 million in 2024, businesses need to know exactly where their vulnerabilities lie. Given the remarkable pace at which they’re adopting gen AI, there’s a good chance that some of those vulnerabilities lie in AI models themselves — or the data used to…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today