UPDATED 23:35 EDT / SEPTEMBER 19 2016

New Overseer malware that steals personal details spotted in Google Play

Google has removed four apps from its Play Store after they were discovered to be carrying a new form of malware dubbed Overseer.

Discovered by security firm Lookout Inc., Overseer was found packaged with four apps. Once installed, it could steal a user’s name, phone number, email address and contact history, along with a host of other sensitive information: the user’s precise location, network ID, internal and external memory, phone type, network operator, device and Android information, device IMEI, IMSI, MCC and MNC, and details about installed packages.

Personal data including the location area code, the version of Android running on the infected device, its user build and whether the device had been rooted were also captured by the malware.

Travelers

One interesting aspect of Overseer is that it specifically targeted foreign travelers, particularly those who downloaded an embassy search app. Other infected apps included Russian and European news-related applications.

“The legitimate functionality of the Embassy application aimed to provide a user with the ability to search for the addresses of specific embassies in any geographic location. At the time of analysis, the legitimate functionality was not working, however, the command-and-control server was active,” Michael Flossman, a security analyst at Lookout, told Threatpost.

Another notable aspect was Overseer’s command-and-control (C2) infrastructure: it used Facebook’s Parse Server hosted on Amazon Web Services, which apparently allowed the malware to stay hidden, since C2 traffic sent over HTTPS to a popular cloud service doesn’t stand out from legitimate app traffic. In a way, it was hiding in plain sight.

Google has since removed the apps from the Play Store, but the incident again raises the question of how well Google can filter infected applications out of the store.

While the vast majority of infected Android apps come from third-party stores, the reality is that we continue to see more and more examples of infected apps being distributed by Google itself, including the Godless malware that was said to have infected 850,000 devices back in June, and the “porn clicker” malware that was found in over 300 apps in the Google Play store in February.

There may be no easy answer for Google to better control malware on the Google Play store, because no one wants it to go down Apple’s path and strictly control what gets in to start with. But something must be done before the growing number of infected apps starts to damage the Android ecosystem.

Image credit: intelfreepress/Flickr/CC by 2.0
