The popular Swift on Security Twitter account exposed the issue about this and two other extensions, one falsely claiming 10 million downloads. Three weeks ago, Google removed a malicious Chrome extension posing as Ad Block Plus that had been downloaded more than 38,000 times. Unicode, meanwhile, remains an apparently solid strategic option for unscrupulous developers who want to slip these types of unwanted apps and even extensions onto Google Play and the Chrome Store, respectively.
Google said in May that Play Protect will be capable of scanning and verifying up to 50 billion apps on a daily basis. This also helps provide a line of defense against apps downloaded from third-party stores that aren’t subject to Google’s malware scanners. For example, previously downloaded apps can be continually scanned for malicious behaviors as a counter to developers who push benign apps to Google Play that later connect and download malicious components. In May, Google introduced Play Protect, a new security feature that maintains some oversight on content downloaded to Android devices. Google has taken steps as well to catch malicious apps earlier in the process while still facilitating legitimate app developers. ” The space was instead a Unicode character that looked like a space with a hex code C2A0 allowing it to slip past Google’s malware scanners for its marketplace.Īndroid apps that are submitted to Google Play are first scanned for malware and behaviors that would classify it as a potentially unwanted app before they are published. One Redditor with the handle rookie_e pointed out that the listing for this app included an extra space after the name: “WhatsApp Inc. Like other recent spammy and adware-laden campaigns, the developer used a hidden Unicode character to make this app look legitimate. Google confirmed the app was removed and the developer’s account suspended for program policy violations.ĭespite Google’s documented success at catching malicious and unwanted mobile apps on Google Play and removing them from user’s devices, this one snuck through.
“The app also tries to hide itself by not having a title and having a blank icon.” The app itself has minimal permissions (internet access) but it’s basically an ad-loaded wrapper which has some code to download a second apk, also called ‘whatsapp.apk,” said a Reddit user with the handle Dextersgenius. “I’ve also installed the app and decompiled it (at right). The unwanted app, called Update WhatsApp Messenger, was disclosed by a handful of Redditors over the weekend who said the adware was also calling out to the internet for additional Android APK downloads to their devices. Google has removed a phony WhatsApp download from Google Play and suspended the developer’s account, but not before the ad-spewing app was downloaded more than one million times.
0 kommentar(er)
