Google Play apps with >4.3 million downloads stole pics and pushed porn ads
2020-01-10 14:59
火星译客

THANKS GOOGLE — The 29 apps concealed their malice and were hard for many infected users to uninstall.


Dan Goodin - Feb 1, 2019 8:06 pm UTC


Screenshots of the pop-up ads displayed by malicious apps that were available in Google's Play Store.


Trend Micro


Google has banned dozens of Android apps downloaded millions of times from the official Play Store after researchers discovered they were being used to display phishing and scam ads or perform other malicious acts.


A blog post published by security firm Trend Micro listed 29 camera- or photo-related apps, with the top 11 of them fetching 100,000 to 1 million downloads each. One crop of apps caused browsers to display full-screen ads when users unlocked their devices. Clicking the pop-up ads in some cases caused a paid online pornography player to be downloaded, although it was incapable of playing content. The apps were carefully designed to conceal their malicious capabilities.


“None of these apps give any indication that they are the ones behind the ads, thus users might find it difficult to determine where they’re coming from,” Trend Micro Mobile Threats Analyst Lorin Wu wrote. “Some of these apps redirect to phishing websites that ask the user for personal information, such as addresses and phone numbers.”


The apps also hid their icons from the Android app list. That made it hard for users to uninstall the apps, since there was no icon to drag and delete. The apps also used compression archives known as packers to make it harder for researchers—or presumably, tools Google might use to weed out malicious apps—to analyze the wares.


Your selfies are ours


Trend Micro researchers discovered another batch of apps that falsely promised to allow users to “beautify” their pictures by uploading them to a designated server. Instead of delivering an edited photo, however, the server provided a picture with a fake update prompt in nine different languages. The apps made it possible for the developers to collect the uploaded photos, possibly for use in fake profile pics or for other malicious purposes. The developers took pains to prevent users from detecting what was happening.


“The remote server used by these apps is encoded with BASE64 twice in the code,” Wu wrote. “In addition, several of these apps can also hide themselves via the same hidden technique mentioned above.”
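
The double base64 encoding Wu describes can be undone during static triage. The following Python helper is an added example, not code from Trend Micro or the article: it scans string constants dumped from a decompiled app and reports values that turn into a URL only after two or more base64 layers. The sample strings and the upload.example.test host are constructed for illustration.

```python
import base64
import binascii
import re

# Candidate tokens: standard base64 alphabet, long enough to hold a URL.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
URL_LIKE = re.compile(r"^(?:https?://)?[a-z0-9.-]+\.[a-z]{2,}(?::\d+)?(?:/\S*)?$", re.I)


def _b64_text(token):
    """Strictly decode one base64 layer; return printable ASCII text or None."""
    try:
        text = base64.b64decode(token, validate=True).decode("ascii")
    except (binascii.Error, ValueError):  # bad alphabet/padding or non-ASCII bytes
        return None
    return text if text and text.isprintable() else None


def peel(token, max_layers=3):
    """Peel nested base64 layers; return (layers, text) once a URL-like value appears."""
    text = token
    for layer in range(1, max_layers + 1):
        text = _b64_text(text)
        if text is None:
            return None
        if URL_LIKE.match(text):
            return layer, text
    return None


def find_encoded_endpoints(strings, min_layers=2):
    """Return (token, layers, decoded) for tokens hiding a URL under >= min_layers."""
    hits = []
    for s in strings:
        for token in B64_TOKEN.findall(s):
            result = peel(token)
            if result and result[0] >= min_layers:
                hits.append((token, result[0], result[1]))
    return hits


# Constructed sample: string constants as a decompiler might dump them.
HIDDEN = base64.b64encode(base64.b64encode(b"http://upload.example.test/api")).decode()
SAMPLE_STRINGS = ["Loading filters", "aGVsbG8gd29ybGQsIGhlbGxv", 'String a = "%s";' % HIDDEN]

if __name__ == "__main__":
    for token, layers, url in find_encoded_endpoints(SAMPLE_STRINGS):
        print(f"{layers}x base64 -> {url}  (from {token[:24]}...)")
```

Setting `min_layers=1` also reports singly encoded endpoints, which are common in benign apps and produce more noise.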


The apps reported by Trend Micro are:


Indicators of Compromise (IoCs)


| Package | Label | Installs |
| --- | --- | --- |
| com.beauty.camera.years.pro | Pro Camera Beauty | 1,000,000+ |
| com.cartoon.art.photo.ygy.camera | Cartoon Art Photo | 1,000,000+ |
| com.lyrebirdstudio.emoji_camera | Emoji Camera | 1,000,000+ |
| art.eff.filter.photo.editor | Artistic effect Filter | 500,000+ |
| art.filter.editor.imge | Art Editor | 100,000+ |
| com.beauty.camera.project.cloud | Beauty Camera | 100,000+ |
| com.selfie.camerapro.pro | Selfie Camera Pro | 100,000+ |
| com.camera.beauty.kwok.horizon | Horizon Beauty Camera | 100,000+ |
| com.camera.ygysuper.photograph | Super Camera | 100,000+ |
| com.effects.art.photo.for.self | Art Effects for Photo | 100,000+ |
| com.solidblack.awesome.cartoon.art.pics.photo.editor | Awesome Cartoon Art | 100,000+ |
| com.photoeditor.artfilterphoto | Art Filter Photo | 50,000+ |
| com.photocorner.artfilter.arteffect.prizma | Art Filter Photo Effcts | 10,000+ |
| com.picfix.cartoonphotoeffects | Cartoon Effect | 10,000+ |
| com.picsartitude.arteffect | Art Effect | 10,000+ |
| com.csmart.photoframelab | Photo Editor | 5,000+ |
| com.wallpapers.nuclear.hd.hd3d.best.live.nuclear | Wallpapers HD | 5,000+ |
| com.perfectmakeup.magicartfilter.photoeditor.selfiecamera | Magic Art Filter Photo Editor | 5,000+ |
| appworld.fillartphotoeditor.technology | Fill Art Photo Editor | 1,000+ |
| com.artflipphotoediting | ArtFlipPhotoEditing | 1,000+ |
| com.artphoto.artfilter.artpiczone | Art Filter | 1,000+ |
| com.photoeditor.cartoonphoto | Cartoon Art Photo | 1,000+ |
| com.photoeditor.prismaeffects | Prizma Photo Effect | 1,000+ |
| com.cmds.artphotofiltereffect | Cartoon Art Photo Filter | 100+ |
| com.latestnewappzone.photoartfiltereditor | Art Filter Photo Editor | 100+ |
| com.livewallpaperstudio.pixture | Pixture | 100+ |
| app.pixelworlds.arteffect | Art Effect | 50+ |
| timepassvideostatus.photoarteffect.cartoonpainteffect | Photo Art Effect | 10+ |
| com.techbuzz.cartoonfilter | Cartoon Photo Filter | 5+ |

The report is the latest to demonstrate that Google can’t be counted on to proactively detect malicious apps available in Play. That puts the onus on end users to carefully scrutinize apps before installing them. One way to do this is to read comments to see if anyone has reported suspicious things, such as receiving pop-up ads, after installing an app. Another important strategy is to limit downloads to those that are truly necessary or useful, and then only when they’re developed by a recognized company. Niche apps that provide little tangible benefit should be avoided.

