Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Severity High Analysis Summary CVE-2023-42753 Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by an integer underflow due […]
Severity Medium Analysis Summary AsyncRAT is an open-source tool designed for remote monitoring via encrypted connections. However, it could be utilized by threat actors as it […]
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Severity High Analysis Summary CVE-2023-42753 Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by an integer underflow due […]
Severity Medium Analysis Summary AsyncRAT is an open-source tool designed for remote monitoring via encrypted connections. However, it could be utilized by threat actors as it […]
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz Threat Alert – Haken and Joker Malware found in Apps on Google Play
Severity
High
Analysis Summary
Clickers, (malware that mimics the user and performs ‘clicks’ on ads), are a rising threat in the mobile industry. 47 new applications that were available on Google Play, and were downloaded more than 78 million times by users were found infected with malware. A similar campaign began its path in Google Play. Haken malware was found in 8 malicious applications, that had over 50,000 downloads, the clicker aims to get a hold of as many devices as possible to generate illegitimate profit.
The Haken clicker utilizes native code and injection to Facebook and AdMob libraries while communicating with a remote server to get the configuration.
The first entry point of the Haken clicker is the receiver called ‘BaseReceiver’. This receiver asks for permissions that the backdoored app (in this case, a compass application that actually provides a compass service) does not require to function, for instance,BOOT_COMPLETED which let the backdoored application to run code at device start-up. With the usage of native-code, code injection into Ad-SDKs, and backdoored applications from the official store, Haken has shown clicking capabilities while staying under the radar of Google Play. Even with a relatively low download count of 50,000+, this campaign has shown the ability that malicious actors have to generate revenue from fraudulent advertising campaigns.
The ‘Joker’ malware family, originally discovered in September 2019, is a spyware and premium dialer (subscribes the user to premium services) for Android that was found on Google Play. In the past few months, Joker keeps reappearing in the Google Play store, We have recently discovered four additional samples of Joker on Google Play, downloaded 130,000+ times. Most of these malicious apps are camera utilities and children’s games. Some of them buy premium subscriptions without notifying the user.