this post was submitted on 02 Jun 2024
407 points (89.7% liked)

[–] NeatNit@discuss.tchncs.de 221 points 5 months ago (1 children)
[–] original_reader@lemm.ee 161 points 5 months ago (2 children)

Jup. It just says that "the malware was disguised as PDF and QR code readers".

Not helpful, Mashable. Not helpful at all.

[–] Skua@kbin.earth 55 points 5 months ago (1 children)

In fairness to Mashable, this isn't their fault. The people that made the report didn't make the list public.

[–] steersman2484@sh.itjust.works 88 points 5 months ago (1 children)

Then why is this the subtitle:

The apps identified have since been removed from Google Play, but make sure you didn't install one.

[–] Passerby6497@lemmy.world 26 points 5 months ago

Because tech journalism is trash on the best days, and these Android malapps articles only ever amount to blogspam to make you nervous. I don't think I've seen more than a handful of these articles that actually warn you about the actual apps instead of just talking about the problem without relevant specifics.

[–] starman2112@sh.itjust.works 132 points 5 months ago (1 children)

These articles are useless without a damn list

[–] foremanguy92_@lemmy.ml 13 points 5 months ago
[–] helpImTrappedOnline@lemmy.world 130 points 5 months ago* (last edited 5 months ago) (2 children)

Am I just missing it, or is there no list of these infected apps on the posted article or the reference the article links to? To me, that is the most important information.

[–] Vendemus@lemmy.world 43 points 5 months ago (1 children)

It is about halfway down the article, but you have to dodge a few ads to get to that part.

"The two apps mentioned in the report were called "PDF Reader and File Manager" by Tsarka Watchfaces and "QR Reader and File Manager" by risovanul."

[–] helpImTrappedOnline@lemmy.world 42 points 5 months ago

Well, I did miss that, I was skimming for something like a large list or table. That still leaves 86/90+ unlisted.

[–] beefbot@lemmy.blahaj.zone 19 points 5 months ago

Agreed. If this article didn’t contain a way to check the apps, that would be irritating

[–] mtchristo@lemm.ee 51 points 5 months ago (22 children)

Aren't apps on Android hermetically sealed from other apps and malware? How could this be achieved?

[–] whyrat@lemmy.world 37 points 5 months ago

Since the other reply was unhelpful: apps are supposed to have limited privileges and isolation from each other, yes... But the whole point of malware like this is that they figure out ways to break those restrictions and get escalated privileges.

You can get more technical detail from reading the report. In this case it looks like the app does not contain malware, but instead requests an update after install that contains the bad code and then breaks the app limitations and scans for the target banking applications and copies the security certificates.

[–] shortwavesurfer@monero.town 40 points 5 months ago (7 children)

And this right here is why you use open source apps.

[–] jeena@jemmy.jeena.net 32 points 5 months ago (15 children)

This only would work if you check every line of source code, even the dependencies and build chain, and then build it yourself. See xz utils backdoor or heartbleed, etc.

[–] Excrubulent@slrpnk.net 40 points 5 months ago (2 children)

The whole point is that at some point somebody can check, and you can have a higher level of trust in that than proprietary software.

And if someone does something like this then it has to be disguised as an innocuous bug, like heartbleed, they can't just install full on malware.

It's a different beast entirely.

[–] Jako301@feddit.de 19 points 5 months ago (4 children)

If we are talking about bigger projects with hundreds of thousands or millions of downloads, then this may be true. But small scale projects have so few people actively looking through them that even the automatic scan done by the Play Store has a higher chance of catching malware. It doesn't even have to be bad intent, two years ago there was a virus propagating through the Java class files in Minecraft mods which reached the PCs of quite a few devs before it was caught.

I don't dislike FOSS, a lot of the apps I use come straight from GitHub, but all this talk about them being constantly monitored by third parties is just wishful thinking.

[–] dalakkin@lemmy.world 8 points 5 months ago

There is no guarantee that the released app is exactly the same as the source code when getting it on Google Play. You'd have to decompile or compile from source and try to compare.

Using F-Droid is a good alternative.

[–] NaiveBayesian@programming.dev 9 points 5 months ago (1 children)

The thing is we only know about these vulnerabilities in such great detail because the projects are open source. God knows what kind of vulnerabilities are hidden in closed source software.

[–] jeena@jemmy.jeena.net 5 points 5 months ago (1 children)

Yes, but we don't know what we don't know. There are many problems like that in open source too, and even if we can look nobody does.

Therefore I find it problematic to say that just because you use open source programs you're safe like the parent tried to.

[–] NaiveBayesian@programming.dev 7 points 5 months ago (1 children)

Yes, important to keep in mind that software being open source doesn't automagically make it secure™.

Still, I think it's important to stress that the benefits of open source outweigh the risks when it comes to security (imho).

[–] shortwavesurfer@monero.town 7 points 5 months ago (1 children)

Yes, of course. However, when it's open source, at least somebody is capable of checking those things, even if it is not you. Somebody in the community is capable of doing so.

[–] jeena@jemmy.jeena.net 9 points 5 months ago (2 children)

Yes, that is true, but let's not pretend that just because someone is theoretically able to, that all source code is constantly monitored by 3rd parties.

[–] shortwavesurfer@monero.town 6 points 5 months ago

Oh, absolutely, that's true. Definitely smaller projects have less audited code, and even bigger projects can have bugs. Heartbleed ring a bell, LOL. However, when open source software has a bug and it is discovered, it is fixed by somebody in record time, whereas in closed source software, you don't know that there is a bug that can be exploited and it definitely won't be fixed until it's reverse engineered or something or exploited.

[–] Pxtl@lemmy.ca 38 points 5 months ago (3 children)

As somebody who occasionally had to develop for Android: the churn of improvements to app security was a huge PITA. And as a user I know that many of the abandoned apps that I liked lost compatibility for that reason.

So the fact that in spite of this pain, Android security still allows apps to do horrible crap like that is infuriating.

[–] efstajas@lemmy.world 22 points 5 months ago (2 children)

If you read the original report, it says that it basically just displays a fake banking login page. It also says that it requested accessibility service permissions, which makes me think maybe it brought up the fake login pages "in the right moment" (as in as users opened their banking apps) to make it more convincing, even though the article doesn't specify that.

Either way, IMO the problem here is clearly with the Play Store allowing this app in, and not with Android's security itself. These apps are misusing the accessibility service system, which is obviously necessary for a ton of important use cases (and of course also requires the user to grant very explicit permission). The fact that the accessibility services are a thing doesn't delegitimize Android's security improvements over the years.

[–] atrielienz@lemmy.world 8 points 5 months ago (2 children)

The app doesn't contain malware when it's uploaded to the Play Store. It forces an update after it's installed that contains the malware.

[–] Pxtl@lemmy.ca 9 points 5 months ago (3 children)

That's not what I mean. I'm not thinking about Play Store security, but Android OS security. Like, your app physically has to ask for permission (or even require the user manually change settings) to do most unsafe things.

[–] dev_null@lemmy.ml 4 points 5 months ago

According to the report, the app just displays a fake login page. I don't see a good way to prevent this.

[–] sfcl33t@discuss.tchncs.de 30 points 5 months ago

From the actual report:

"Over the past few months, we identified and analyzed more than 90 malicious applications uploaded to the Google Play store. These malware-infected applications have collectively garnered over 5.5 million installs.

Recently, we noticed an increase in instances of the Anatsa malware (a.k.a. TeaBot). "

So not 5.5M installs of this specific malware, FWIW

[–] Hedup@lemm.ee 28 points 5 months ago (1 children)

I got many apps installed. I don't keep in my memory what I have. How do I check that I don't have any from those compromised?

[–] tomjs@lemdro.id 18 points 5 months ago

Go to Settings and search for Google Play Protect. Tap Scan, and if it results in No harmful apps found, you're safe.

[–] Sam_Bass@lemmy.world 15 points 5 months ago

AI probably "wrote" that

[–] whereBeWaldo@lemmy.dbzer0.com 13 points 5 months ago

Hello EVERYONE here's a list of 50 unbelievable products that will change your life and grant you immortality:

[–] mundane@feddit.nu 12 points 5 months ago

> Anatsa uses advanced techniques to avoid detection and gain access to banking information.

Anyone who knows what those advanced techniques are?

[–] the_doktor@lemmy.zip 6 points 5 months ago (11 children)

Can't steal my bank info if I use cash only...

[–] LordWiggle@lemmy.world 5 points 5 months ago (5 children)

How though. Over here cash isn't accepted anymore at most places. I only use cash for buying drugs. Most stores and groceries only accept card. Same with bars and clubs. I honestly have no idea besides drugs what to use cash for.
