Obvious Android Malware App Missed by Google Bouncer & Most Antivirus Products


I always love seeing Android phones packed to the gills with antivirus software. The latest session to come out of DefCon goes to show that antivirus on Android is not only a good idea but, sadly, might not even help. Craig Young, a researcher at security firm Tripwire, showed off a pretty easy exploit at DefCon. He posted a proof-of-concept app in Google Play that steals an Android user's Webtoken for their Google account. The app pretended to be a stock viewing app for Google Finance and was on Google Play with a description that clearly said it was malicious and should not be installed by users. When installed, it would ask for permission to access a URL that starts with weblogin and includes finance.google.com. If you granted that permission, it would log you into Google Finance and everything would work like a charm, but it would send your login token to an attack server to be used to log in to EVERY OTHER GOOGLE SERVICE including Gmail, Calendar, etc.

The really scary part is that Google’s Bouncer scanner, which is supposed to find such malicious apps and block them, totally missed this app. Better yet, most antivirus and antimalware applications also missed what the app was doing except for one privacy advisor application. Alexandru Catalin Cosoi, the chief security strategist at antivirus vendor Bitdefender, said it best to PC World:

"Today’s presentation showed that with enough ingenuity and effort you can easily bypass apparently well protected systems"

It took a month for the app to even be reported as malicious in Google Play… In other words, even BlackBerry users should keep a close eye on the apps they install and the permissions they give to those apps. This goes even more so on Android, where users live in a warzone of malicious applications. Even though this vulnerability was reported to Google in February, only parts of it have been fixed since. So far Google has stopped you from ripping out every single piece of data there is about a user through Google Takeout but has not blocked it for Gmail or Google Drive on Android.

Kudos to PC World for the report

8 total comments on this post
  1. This sort of app should still work on BB10 and that means that we need 2 antivirus apps, one for bb10 and one for Android.

  2. How do you suggest we, BlackBerry users, be careful? I do not and won’t load any Android stuff.
    Thank you for the heads up.

  3. This once again proves Android is a Virus and Malware nightmare. Not sure if BBRY devices side loading Android is affected, but I do know nothing passes BBRY Security without being approved.

  4. QUOTE: “most antivirus and antimalware applications also missed what the app was doing except for one privacy advisor application.”

    Could you please elaborate on which privacy app was actually successful in detecting the webtoken malware?

    Thank you in advance.

  5. It looks like Google is learning what Microsoft learned years ago and what Apple has always denied. There is security in obscurity. Windows, WordPress, Android, Apache, etc. Hackers go for the biggest targets.

  6. Hmm, there is nothing wrong with a reputation app for BlackBerry 10 but I have yet to see a good one. BlackBerry is already reviewing and scanning the apps submitted into BlackBerry World for potential issues but that is far from foolproof. If you are sideloading Android apps I would make sure to only sideload reputable apps procured from reputable sources. This particular vulnerability would not work on BlackBerry 10 since it does not have this functionality. There is also very very little an antivirus app can do on BlackBerry 10, which makes them more or less useless compared to Android where they are critical.

    In short just be careful what Android apps you sideload.

  7. A very good reason to be extremely vigilant about what you put on your device. Always read reviews and do a little research about developers. Most things I have on my devices come from well known Berry developers. A lot of people don’t pay attention to that type of stuff. Many in my family among them.

  8. Which privacy app was that?


BlackBerry© is a registered Trademark of BlackBerry Limited. BerryReview is in no way affiliated with BlackBerry Limited though sometimes their lawyers send us love letters...

Copyright © 2007-2014 BerryReview LLC