Categories
android apps Biz & IT google play malware Security Uncategorized

Google Play app with 100 million downloads executed secret payloads

Google Play app with 100 million downloads executed secret payloads

Enlarge (credit: NurPhoto | Getty Images)

The perils of Google Play are once again on display with the discovery of an app with 100 million downloads that contained a malicious component that downloaded secret payloads onto infected Android devices.

Throughout most of its life, CamScanner was a legitimate app that provided useful functions for scanning and managing documents, researchers from antivirus provider Kaspersky Lab said on Tuesday. To make money, the developers displayed ads and offered in-app purchases.

Then, at some point things changed. The app was updated to add an advertising library that contained a malicious module. This component was what’s known as a “Trojan dropper,” meaning it regularly downloaded encrypted code from a developer-designated server at https://abc.abcdserver[.]com and then decrypted and executed it on infected devices. The module, which Kaspersky Lab researchers named Trojan-Dropper.AndroidOS.Necro.n, could download and execute whatever the developers wanted at any time. The researchers said that they have previously found Trojan-Dropper.AndroidOS.Necro.n lurking inside apps that are preinstalled on some phones sold in China.

Read 4 remaining paragraphs | Comments

Categories
Biz & IT firmware Security

Self-driving car service open sources new tool for securing firmware

Self-driving car service open sources new tool for securing firmware

Enlarge (credit: Collin Mulliner)

Developing and maintaining secure firmware for tablets, cars, and IoT devices is hard. Often, the firmware is initially developed by a third party rather than in-house. And it can be tough as projects move from inception and prototyping to full-force engineering and finally to deployment and production.

Now, an engineer at self-driving car service Cruise is easing the pain with the release of FwAnalyzer, a tool he and his Cruise colleagues developed themselves. Collin Mulliner spent more than a decade scouring firmware found in phones and other devices before becoming Cruise’s principal security engineer. He helped write FWAnalyzer to provide continuous automated firmware analysis that could aid engineers at any phase of the code’s lifecycle.

“It’s peace of mind that there’s constant analysis,” Mulliner said of the tool, which he’ll be discussing at a panel on Wednesday at the Black Hat security conference in Las Vegas. “At any step in development… it runs checks.”

Read 2 remaining paragraphs | Comments