New Google Play Store malware highlights disturbing trend of multi-stage Android attacks

Antivirus software application maker < a href= > a string of malware in the official Android app shop that appears to be continuing unabated despite the intro of Google Play Protect, which is indicated to block malware from being released in the shop.

What the current string of attacks have in typical is that they all bypassed Google Play Safeguard the same way, using a multi-stage attack. Multi-stage malware might be disguised as anything, doesn’t contain any actual malware code, and could be responsible for any kind of infection its developers desire.

In other words, it’s unsafe and unnoticeable.

The invisibility of multi-stage attacks

All 8 of the malware-dropping apps that ESET discovered were of the same multi-stage design that prevent arousing suspicion by not containing any destructive code.

Exactly what they do contain are numerous layers of encrypted payloads that eventually download malware from a site hardcoded into the payloads. When it comes to the latest discovery, the ultimate objective is to install Android/TrojanDropper. Agent.BKY on the jeopardized device.

When the app is at first installed from Google Play it doesn’t even ask for any suspicious looking consents. All its nefarious work is done undetectably in the background as it decrypts and runs its first payload, which in turn decrypts and runs the second one.

The second-stage payload reaches out to the malware-hosting site and downloads the third-stage payload. It’s at this point that the malware triggers the user to accept an installation of what appears to be a benign update– either to Flash Player, something Adobe related, and even an Android system upgrade.

If at this point the user questions the install, the entire process can be stopped without additional damage– multi-stage Android attacks are actually asking you to install malware.

If the set up request is accepted the third payload decrypts and runs its contents: the real malware.A sign of things

to come?All 8 of the destructive apps ESET

discovered dropped a banking trojan that displayed fake login pages on infected gadgets, but that’s simply one example of how multi-stage attacks could put Android users, and the majority of everyone else, at danger. Multi-stage malware could be used to drop ransomware, keyloggers, rootkits– essentially anything that can be transferred to a gadget. Google Play Protect is developed to stop malware from getting to Android users, but current attacks have actually made it apparent that it’s not designed to discover multi-stage payloads. Until Google discovers a method to find those apps, users are taking a danger installing anything that does not originate from a popular, trustworthy designer. That stated, your Android device’s security versus multi-stage attacks, given that you ca

n’t depend on Google Play Safeguard to do it, can be enhanced in the following methods: Constantly check out the approvals demands from an app, and do not give them if they look suspicious. Never ever offer authorizations to an app that you do not recognize.Install an antivirus app on your device to make sure a multi-stage attack app isn’t really downloading harmful software in the background.Never install apps from outdoors Google Play. Play Protect may not be perfect, however it’s still keeping your gadget much safer than third-party stores or sites can.

  • Change the DNS settings on your Wi-Fi network, or Android gadget, to point at Quad9, a free DNS from IBM Security that filters out all known bad IP addresses. This can avoid a multi-stage attack from finishing by obstructing the site the app aims to download its 3rd payload from. The top 3 takeaways for TechRepublic readers: Antivirus software application maker ESET found eight brand-new malware apps hiding in Google Play. They bypassed Play Safeguard by being multi-stage attack apps that download malicious payloads from the web. Multi-stage malware pulls its real attack from the web and requires the user’s authorization to install.
    1. These attacks usually masquerade as Adobe or Android system updates. Google Play Protect isn’t catching multi-stage attacks– this is simply the current of numerous. Protect your device by installing anti-viruses software, taking note of app consent requests, and only downloading apps from understood, credible developers. Image: iStock/CarmenMurillo
    2. Disclosure Brandon Vigliarolo has nothing to disclose. He does not hold financial investments in the technology companies he covers.< div data-modal-options=' "position":"fixed"'> Full Bio Brandon discusses apps and software application for TechRepublic.

    He’s an award-winning feature

    author who previously worked as an IT expert and functioned as an MP in the United States Army.