Hackers Advance Malware to Avoid Google Play Store Detection

Hackers Find Loopholes to Infect Android Devices

Hackers have been getting better and better at avoiding detection by traditional antivirus methods.  However, now in an attempt to infect mobile devices through the Google Play Store, cyber criminals have gone beyond their traditional means of avoidance.

With traditional blacklist antivirus solutions, hackers just need to develop a new malware variant to avoid detection.  If it is a new malware strain, the blacklist won’t know it is bad yet — meaning successful infection.  However, in the mobile space, it’s a bit tricker than just creating a new strain.  Both Apple and Google Play Stores go through their own testing of the apps that want to be available within these play stores.  Making it through detection with malicious activity within the app can be difficult.  That is unless you find a loophole.

When apps are being tested for the Google Play Store, they go through a simulation process that uses Android emulators.  These emulators do their best to replicate the Android environment.  However, they do not include the motion sensors an Android device would include in the real-world.  Hackers have learned this and decided to exploit it.  The latest Android malware lays dormant if the device is not in motion, making it undetectable.  Although, once motion is detected, it proceeds to infect the device with Trojans to steal personal data from the user.

So far, only two apps were found to have this malicious software included — Currency Converter and BatterySaverMobi.  Both of these apps have been removed from the Google Play Store.  Although the number of downloads for these two apps was not astronomical, this proof is still in the pudding.  Hackers are working to find ways around detection.

Staying Secure

The best way to avoid malicious activity from executing on your device is through the use of application whitelisting.  This technology only allows known safe programs to run — everything else is blocked.  Therefore, it doesn’t matter if it’s a new malware variant, it still isn’t a safe program so it will be blocked.  It doesn’t matter if it’s motion sensitive or not, if it’s not tested and proven safe, it will not run.

To learn more about application whitelisting, click here.

2,603 total views, 1 views today

(Visited 1 times, 1 visits today)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.