fraudulent activities

AppWizard
March 26, 2025
Google has announced a plan to enhance the safety of its Play Store by implementing protective measures by 2025. Google Play Protect will target malicious applications impersonating financial apps, responding to a rise in fraudulent activities, including ad fraud. The company has already removed 180 fraudulent apps from the Play Store and will alert users about unsafe apps, especially those from outside the Google Play ecosystem. Google will extend its pilot program to additional countries facing malware-based financial threats. Users are encountering significantly more Android malware from external sources. Google aims to make it harder for malicious actors to deceive users and plans to introduce a "verified badge" for secure VPN applications, later expanding it to other app categories. For app developers, Google is enhancing the Play Integrity API tool and providing self-help tools for dealing with tampered apps, with features expected to roll out by May. Google is also improving support channels for developers, including expanding the Google Play Developer Help Community to additional languages.
AppWizard
March 8, 2025
Human Security's Satori research team has discovered a new variant of the Badbox malware, known as Badbox 2.0, which has infected nearly a million Android devices, forming a large botnet. This follows the initial outbreak in 2023, where around 74,000 devices were compromised. Badbox 2.0 targets devices running the Android Open Source Project (AOSP), including off-brand smartphones, internet-connected TV boxes, automotive tablets, and digital projectors. Over 200 applications infected with malware have been identified, primarily hosted on third-party app stores, often mimicking legitimate apps from Google’s Play Store. The operation is believed to involve collaboration among four distinct criminal factions, with all infected devices traced back to China. The botnet monetizes through hidden advertisements and ad-click fraud, while also having the capability to steal passwords from infected devices. Efforts by Human Security, Google, Trend Micro, and Shadowserver Foundation have reduced the number of infected devices by half. Many malware modules were labeled "test," indicating the botnet was still developing, and it is expected that the operators will attempt to revive their network using altered tactics. Additionally, a new variant of Mirai malware, named Eleven11bot, has emerged, compromising thousands of devices, particularly targeting HiSilicon-based hardware.
AppWizard
March 6, 2025
HUMAN's Satori Threat Intelligence and Research team has identified a cyberattack named "BADBOX 2.0," which has compromised over 1 million consumer devices globally through 24 malicious applications on the Google Play Store. The operation utilizes a backdoor called BB2DOOR for persistent access to infected devices, primarily distributed via pre-installed apps on low-cost Android devices and third-party marketplaces. Four threat actor groups—SalesTracker Group, MoYu Group, Lemon Group, and LongTV—collaborate in this operation, which supports fraudulent activities such as residential proxy services, programmatic ad fraud, and click fraud, generating up to 5 billion fraudulent bid requests weekly. Despite efforts by HUMAN and Google to disrupt BADBOX 2.0, the threat actors may continue their operations due to the resilience of their supply chain. Users are advised to download apps only from official marketplaces to reduce infection risks.
AppWizard
March 5, 2025
Google has removed over 180 applications from its Play Store due to a scheme exploiting Android apps for ad fraud, as revealed by Integral Ad Science (IAS). The investigation, initiated in late 2024, identified unusual app behavior and traffic patterns. The operation, named Vapor Threat, involved fraudsters creating shell applications that appeared as legitimate health and fitness tools but were designed solely to generate ad revenue through full-screen video advertisements. IAS emphasized the need for vigilance in the advertising ecosystem and highlighted the ongoing challenges of ad fraud, urging advertisers to adopt robust anti-fraud strategies.
AppWizard
March 5, 2025
Google Messages has introduced several new features for Android and Pixel users, focusing on user safety and connectivity. Key updates include an AI-driven scam detection tool that analyzes SMS, MMS, and RCS messages in real time to identify potential scams, alerting users to suspicious messages. This feature is initially available in English in the US, UK, and Canada, and it prioritizes user privacy by processing data on the device. Users can also share their live location with trusted contacts through a new feature integrated with the Find My Device app, which allows for real-time location sharing while maintaining control over who can access this information. Additionally, exclusive features for the Pixel 9 model include enhanced connectivity options for linking GoPro cameras and other Pixel phones, as well as upgrades to the Pixel Studio app for creating stylized images and stickers.
AppWizard
December 24, 2024
The Ministry of Digital Development, Communications and Mass Media, along with Roskomnadzor, is considering imposing restrictions on voice calls made through messaging applications due to a rise in fraudulent activities. Two scenarios being evaluated include blocking voice traffic from abroad and a complete ban on voice calls within these apps. Roskomnadzor has acknowledged its authority to restrict such calls if they violate Russian law, but the Ministry has stated it is not currently drafting regulations for this purpose. Fraudulent calls via messaging apps have surged to about 40% of total traffic, up from 1% three years ago. MegaFon, Russia's second-largest mobile operator, has stated it lacks the technical capabilities to analyze calls from these apps and suggests that additional software on users' smartphones is the only effective way to mitigate fraudulent calls.
AppWizard
September 29, 2024
Cybersecurity experts have identified a new variant of the Octo Android malware, named Octo 2, which targets Android users by disguising itself as trusted applications like Google Chrome. This malware is designed for fraudulent activities, specifically targeting bank accounts and sensitive information. Discovered by the Amsterdam-based firm ThreatFabric, Octo 2 is spreading across Europe and features advanced mechanisms that make it harder to detect. Its capabilities include remotely locking and muting the device's screen, launching applications without user consent, sending malware-laden messages to contacts, and intercepting SMS messages to capture verification codes, posing a significant risk for unauthorized access to secure accounts.
AppWizard
September 25, 2024
A new version of the Necro malware loader has infected approximately 11 million Android devices through Google Play by using malicious SDKs in legitimate applications. It was found in two apps: Wuta Camera, which had over 10 million downloads and was compromised in versions 6.3.2.148 to 6.3.6.148, and Max Browser, with 1 million downloads, which still harbors the malware in version 1.2.0. Both apps were compromised via an advertising SDK named 'Coral SDK' that used obfuscation and image steganography. The Necro Trojan also spreads through modified versions of popular apps available on unofficial websites, including WhatsApp mods and Spotify Plus, and is known to display ads, install applications without consent, and engage in fraudulent activities.
AppWizard
September 24, 2024
Cybersecurity researchers have discovered a breach in the Google Play app store linked to a compromised software development kit (SDK) called Coral SDK, which has allowed malware named Necro to infiltrate at least 11 million devices. The malware uses steganography techniques to enable additional malicious activities, including loading ads through invisible WebView windows, downloading and executing arbitrary JavaScript files, facilitating fraudulent activities, and rerouting malicious traffic. Affected applications include GBWhatsApp, FMWhatsApp, Spotify Plus, Minecraft, and Stumble Guys. Users are advised to be cautious when downloading apps and to consider download counts, user ratings, and reviews.