{"id":37481,"date":"2019-08-28T09:01:26","date_gmt":"2019-08-28T09:01:26","guid":{"rendered":"https:\/\/www.cryptocabaret.com\/?p=37481"},"modified":"2019-08-28T09:01:26","modified_gmt":"2019-08-28T09:01:26","slug":"google-play-app-with-100-million-downloads-executed-secret-payloads","status":"publish","type":"post","link":"https:\/\/www.cryptocabaret.com\/?p=37481","title":{"rendered":"Google Play app with 100 million downloads executed secret payloads"},"content":{"rendered":"
\n
\"Google<\/p>\n

Enlarge<\/a> (credit: NurPhoto | Getty Images<\/a>)<\/p>\n<\/figure>\n

<\/a><\/div>\n

The perils of Google Play are once again on display with the discovery of an app with 100 million downloads that contained a malicious component that downloaded secret payloads onto infected Android devices.<\/p>\n

Throughout most of its life, CamScanner was a legitimate app that provided useful functions for scanning and managing documents, researchers from antivirus provider Kaspersky Lab said on Tuesday<\/a>. To make money, the developers displayed ads and offered in-app purchases.<\/p>\n

Then, at some point things changed. The app was updated to add an advertising library that contained a malicious module. This component was what’s known as a “Trojan dropper,” meaning it regularly downloaded encrypted code from a developer-designated server at https:\/\/abc.abcdserver[.]com and then decrypted and executed it on infected devices. The module, which Kaspersky Lab researchers named Trojan-Dropper.AndroidOS.Necro.n, could download and execute whatever the developers wanted at any time. The researchers said that they have previously found Trojan-Dropper.AndroidOS.Necro.n lurking inside apps that are preinstalled on some phones sold in China.<\/p>\n<\/div>\n

Read 4 remaining paragraphs<\/a> | Comments<\/a><\/p>\n

<\/ins>
\n