Am I just missing it, or is there no list of of these infected apps on the posted article or the reference the article links to. To me, that is the most important information.
It is about halfway down the article, but you have to dodge a few adds to get to that part.
“The two apps mentioned in the report were called “PDF Reader and File Manager” by Tsarka Watchfaces and “QR Reader and File Manager” by risovanul.”
Well, I did miss that, I was skimming for something like a large list or table. That still leaves 86/90+ unlisted.
These articles are useless without a damn list
Right
Aren’t apps on android hermetically sealed from other apps and malware. How could this be achieved ?
Since the other reply was unhelpful: apps are supposed to have limited privileges and isolation from each other, yes… But the whole point of malware like this is that they figure out ways to break those restrictions and get escalated privileged.
You can get more technical detail from reading the report, in this case it looks like the app does not contain malware, but instead requests an update after install that contains the bad code and then breaks the app limitations and scans for the target banking applications and copies the security certificates.
Yes, the app doesn’t steal any information from other apps. The report says the malware just displays a fake bank login page, in the hope the user gives it their details willingly.
As a developer this question is hilarious to me
Explain yourself
There’s no such thing as perfect security… unless your application is trivial and doesn’t do very much. Android is designed to collect data from the dozen plus sensors on your phone in order to get money from app vendors to push ads.
I got many apps installed. I don’t keep in my memory what I have. How do I check that I don’t have any from those compromised?
Hello EVERYONE here’s a list of 50 unbelieveable products that will change your life and grant you immortality:
AI probably “wrote” that
I’ recommend to just read the report https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google
iOS user: That’s a shame.
But seriously, this sucks and is why Google needs more rigorous vetting of apps that go into the store. Sure, you sideload, that’s your problem. But if on the Play Store, the general Android user would think there’s some good level of governance.
Of course there’s a measure of caveat emptor here. So hopefully it’ll teach people to be wary of what information they freely give out.
LOL, well I guess the Reddit masses are on Lemmy full swing now. Enjoy the malware, I’ll continue laughing about it.
