Admin

Discover: Over 280 Android Applications Utilizing OCR for Illicit Extraction of Cryptocurrency Credentials




Researchers have identified more than 280 malicious Android apps that use optical character recognition (OCR) to steal cryptocurrency wallet credentials from infected devices. The apps pose as official apps from banks, government services, TV streaming services and utilities. Once installed, they quietly read text messages, contacts and stored images on the phone and send them to remote servers controlled by the app developers. The apps are hosted on malicious sites and distributed through phishing messages; notably, none of them were found on Google Play.

The most surprising aspect of this malware campaign is the use of OCR software to extract cryptocurrency wallet credentials from images stored on infected devices. Cryptocurrency wallets commonly let users protect their wallets with mnemonic credentials, which are easier to remember than complex character combinations, and words captured in an image are also easy to recognize. The discovery was made by SangRyol Ryu, a researcher at McAfee, who gained unauthorized access to the servers that received the stolen data; weak security configurations on those servers made that access possible. One page of interest displayed a list of words alongside the corresponding image taken from an infected device.

It became clear that the attackers' primary objective was to obtain these mnemonic recovery phrases for cryptocurrency wallets, suggesting a strong focus on gaining access to, and possibly depleting, victims' crypto assets. Optical character recognition is the process of converting images of text into machine-encoded text; it has existed for years and is widely used to turn characters captured in images into text that software can read and manipulate. In this case, the use of OCR points to a high level of sophistication in handling stolen data.

The malicious apps have been updated several times. Initially they used HTTP to communicate with their control servers; they now connect over WebSockets, which is harder for security software to analyze. This change makes the malware more versatile and harder to detect. The developers have also updated the apps to better obfuscate their malicious functionality: encoding strings in the code so they are less readable to humans, adding irrelevant code, and renaming functions and variables, all of which confuses analysts and hinders detection. Although the malware has primarily been found in South Korea, it has recently started spreading in the UK, indicating a deliberate expansion of operations and the targeting of new user groups with localized versions of the malware.

The emergence of these malicious apps highlights the ongoing threat landscape that Android users face. It is crucial for users to remain vigilant and take necessary precautions to protect their devices and sensitive information. Here are some tips to stay safe:

1. Stick to official app stores: Download apps only from trusted sources, such as Google Play, which have security measures in place to minimize the risk of malware.

2. Scrutinize app permissions: Pay attention to the permissions requested by an app during installation. Be cautious if an app requests unnecessary permissions that seem unrelated to its functionality.

3. Keep software up to date: Regularly update your Android operating system and apps to ensure you have the latest security patches and bug fixes.

4. Use reputable security software: Install a reliable antivirus or security app on your Android device to detect and remove malware or suspicious apps.

5. Be cautious of phishing attempts: Be wary of unsolicited messages, especially those from unfamiliar sources, that prompt you to download apps or click on links. Exercise caution when sharing personal information online.

6. Check app reviews and ratings: Read user reviews and ratings before downloading an app to get an idea of its legitimacy and performance.

7. Back up your data regularly: Keep current backups of your photos, contacts and important documents so you can recover them after a malware attack or device loss.

8. Educate yourself about malware threats: Stay informed about the latest malware threats and tactics used by cybercriminals. This knowledge will help you recognize suspicious activities or signs of malware on your device.
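Tip 2 is easiest to act on with a concrete check. The following added example (not code from the article or from McAfee) triages an Android manifest for the data-access pattern the report describes: SMS, contacts and stored images plus network access in one app. The manifest and package name are constructed for illustration.

```python
"""Triage an Android manifest for the permission combination the report
describes: SMS + contacts + stored images + network in a single app.
Added example; the manifest below is constructed, not a real sample."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permission groups that together match the behaviour described in the report.
SENSITIVE = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "images": {"android.permission.READ_EXTERNAL_STORAGE",
               "android.permission.READ_MEDIA_IMAGES"},
    "network": {"android.permission.INTERNET"},
}

# Constructed manifest of a fake "TV streaming" app (hypothetical package name).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakestream">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>
</manifest>
"""


def requested_permissions(manifest_xml: str) -> set:
    """Return the set of permission names declared in <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}


def triage(manifest_xml: str) -> dict:
    """Report which sensitive groups are requested and flag the full
    SMS + contacts + images + network combination."""
    perms = requested_permissions(manifest_xml)
    hit = {group: bool(names & perms) for group, names in SENSITIVE.items()}
    return {"groups": hit, "flag": all(hit.values())}


if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

A streaming or utility app that needs all four groups deserves a second look before installation; a legitimate messaging app may need SMS and contacts but has no reason to read the photo library.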

By following these best practices and staying informed about the evolving threat landscape, Android users can protect themselves from falling victim to malicious apps and other cybersecurity risks. It is essential to prioritize cybersecurity and take proactive steps to safeguard personal information and digital assets.
