The first Android malware written using the Kotlin programming language, designed to steal information, carry out click ad fraud, and sign users up to premium SMS services without their permission, has been found in the Google Play store.
An open-source programming language, Kotlin is a fully-supported official programming language for Android which Google boasts contains safety features in order to make apps ‘healthy by default’. Kotlin became an official language for Android in May 2017 and it has proved popular — Twitter and Netflix are among the 17 percent of Android Studio projects using it.
However, researchers at Trend Micro have uncovered what they believe to be the first example of malware developed using Kotlin. The malicious app posed as a utility tool for cleaning and optimising Android devices, and has been downloaded from the official Google Play store by between 1,000 and 5,000 users.
When the app is launched, information about the victim’s device is sent to a remote server, and the malware sends an SMS to a number provided by the command and control server. Once this message has been received, the remote server will begin URL forwarding for click ad fraud.
Once this has been completed, the malware can upload information about the user’s service provider and login information to the command and control server. This automatically signs them up to a premium SMS subscription service, which will cost the victim money.
The nature of the malware means these operations will initially go unnoticed, providing the victim with an unpleasant surprise when they receive their next phone bill.
Trend Micro disclosed the malware to Google, which told the researchers that Google Play Protect has protections in place to protect users from this malware.
While Google keeps the vast majority of Android malware out of its app store, apps continue to slip through the net. Over 1.5 million users recently fell victim to malware that posed as flashlight and other utility apps in the Google Play Store.
Google had not responded to a request for comment at the time of publication.