Malware rains on Google’s Android Oreo parade [source: nakedsecurity]
by CIRT Team
Google has had an exciting summer, for good and bad reasons.
The good news: Google just officially launched the eighth version of its operating system, Android Oreo, with enhancements for battery life and security. Last month, it also began rolling out a new feature called Google Play Protect, designed to scan apps that could cause harm to your Android device and data.
The bad news: at least five different types of malware were found in Google Play in August alone, including spyware, banking bots and aggressive adware. Thousands of apps contain these malicious payloads and have infected millions of users.
Yesterday, we reported that Google has had to pull some 500 apps from its Play Store, which together had been downloaded more than 100m times. The apps – which weren’t in themselves malicious – all used a software development kit (SDK) called Igexin. Among other things, the Igexin SDK has the ability to spy on victims “through otherwise benign apps by downloading malicious plugins”. Advertising SDKs make it easy for app developers to tap into advertising networks and deliver ads to their users.
More more detail, click here.