500,000 Duped Into Downloading Android Malware Posing As Driving Games On Google Play (forbes.com) 62
Be careful what you're downloading from Google Play. Especially if it's one of 13 apps posing as driving games created by one developer called Luiz Pinto. From a report: More than 560,000 have already been tricked into downloading the games, which include a mix of luxury car and truck simulation apps, as discovered by Android malware researcher Lukas Stefanko. Once installed on a user's Android device, the games don't actually work. Looking at the reviews on Google Play, users who downloaded them complained it was a virus. For instance, among the masses of one-star reviews for the Truck Cargo Simulator, one noted his device slowed down after it forced him to download an app that wasn't the game itself. Many simply called it a scam.
obligatory (Score:1)
A strange game.
The only winning move is
not to play.
Re: (Score:1)
Re: (Score:1)
Android is open source, meaning you have a choice of tons of ROMs or to put together your own from AOSP.
Google Play isn't the only place you can get apps from. Amazon and F-Droid have them too. All of my Android apps come from F-Droid.
Re: (Score:1)
Android is not open source. AOSP is open source.
Android isn't AOSP, and hasn't been in a long, long time.
Android is AOSP + custom bullshit + drivers/firmware + Google's services & frameworks + Google's store and apps.
The "stock" Android people say they love on the Pixels is all of the above, but with additional services and apps that Google makes exclusive to the latest Pixel device, then slowly trickles them out to the older Pixel devices (maybe).
Re: (Score:2)
That's merely a steaming pile of No True Scotsman.
If you don't have the google services, it is still Android.
Maybe you just don't know what the words mean?
Re: (Score:2)
If you don't have the google services, it is still Android.
Wrong. Look at how Google licenses and brands Android. Look at what OEMs are forced to agree to if they want to advertise their device as an Android device. Look at what they have to agree to to get access to the latest builds of Android.
Re:TFA is ridiculous (Score:4, Insightful)
Re: (Score:2)
Maybe it is partly Google's fault. How long did it take for them to react and remove the offending applications?
Re: (Score:2)
Google could do better to protect users on Google Play, Stefanko added. "Many times it would be simply enough to scan apps with anti-virus software before uploading them on to Google Play," he said. Given Google owns an organization that could do just that, Virus Total, that shouldn't be too much of an ask.
From reading TFA, it sounds like the apps were shells with no real content (or malware), then attempted to download and install malware via "unknown sources", for users that had that enabled. In other words, the game wasn't really detectable malware, it just wasn't a game, and attempted to exploit users that ignored all of the security warnings telling them not to install from untrusted sources.
This is why the Fortnite installer was such a big deal. It forced users to allow install from unknown sources. How
Re: (Score:2)
3. The user assumed that because the first app came from said Authority, and had said Authority's blessing, that anything subsequent apps did was "safe" and "approved" as well.
For the trojan to get installed the user had to explicitly bypass security settings and ignore many security warnings. So your claim is that in spite of the authority telling the user to explicitly not do something, they did it anyway, and that's the authority's fault. Well I am sorry, but that's not how reality works.
Re: (Score:2)
People download and install a game(s) that has "masses" of one-star reviews saying "this shit don't work" and "probably a virus" and clearly that's somehow Google's fault. Gotcha.
And how do you think those "masses" of one-star reviews got posted, if not for "masses" of people downloading and installing it in the first place?
Re: (Score:2)
Walled gardens are great because they protect you from malware. It's good for you!
Wait, you got malware? It's your own damn fault!
Re: (Score:2)
It is that people keep coming up with dodges that evade the scanning and then the scanning engines have to get updated to deal with the new malware. This is just another instance of that.
That's funny!
Unscrupulous Developers try that stuff constantly with the iOS and Mac App Stores, too.
But the difference between them and Google Play, is that with the Apple App Stores, I can count the successful "dodges" on just a few fingers.
Re: (Score:2)
Dog bites man
Water is wet
Trump Lies
The Patriots are cheaters
FTP (not the ancient file transfer protocol this time)
Re: (Score:2)
It's so old news, you forget we've always been at war with Finland over their forest raking.
Only socialists and communists rake their forests.
It's like not letting people pump their own gas, creating so many jobs in NJ and Oregon.
In other Rake News...
Google Play is malware (Score:1)
Re: (Score:2)
If you can't reproducibly build the apks yourself, and install them without Google, that is 'bad' / 'unhappy' enough to be considered badware/unhappyware/malware.
That's up to the developer. If they want to post their source for you to build and install outside of Google Play they can do that. In fact, you can even choose to only install such apps. You can do this today.
Re: (Score:1)
It's much worse than that... (Score:2)
Re: (Score:2)
The problem you're describing is the fault of Google Play.
Google warns against side loading, but what's the risk differential?
Google's walled garden's got cracks in it and can't be trusted.
Re: (Score:2)
Nor can Apple's. How many white hat hackers penetrated the walled garden and got away with it? All of them. Only when they self reported did they get booted.
Add to that nobody else can reliably scan apps for malware, and you're just asking for it
You mean like BOTH of them?
Funny that there haven't been any significant malware incursions in either of Apple's App Stores, whereas there have been literally HUNDREDS OF THOUSANDS in Google Play.
Somehow, I don't see the equivalence you are trying to foist.
The difference (Score:2)
Nor can Apple's. How many white hat hackers penetrated the walled garden and got away with it? All of them.
I would not say all, because you cannot know how many attempts were stopped at review stage.
Furthermore, there have been a number of instances where something with a problem did make it through, but Apple withdrew it. Those were not "self-reported".
But on top of that iOS has long been simply a better environment to accidentally download a malicious app into... for what harm could it do? It was going
Re: (Score:3)
If you care that much about security, you already were refusing to install apps that ask for more permissions than they absolutely need for their core purpose.
If you're like the average user and you're willing to say "yes" to letting a random application that isn't a phone dialer or email app access your mobile contacts, you've already agreed to be p0wned.
You use it, you trust it.
If you trust stuff you downloaded off the internet, you're already pre-p0wned; your system of using technology not only lacks basic protections, it lacks
So far only "reports" and supposition (Score:3)
Re: (Score:2)
OTOH, I'm not convinced either.
OTOH, I'm going to keep using fdroid for most apps, and not installing anything that wants more permissions than it needs.
Luiz is a Prick ? (Score:2)
one developer called Luiz Pinto
Isn't "Pinto" Portuguese for a dick ?
Re: (Score:2)
I mean, "Johnson" is English for a dick and millions of people have the last name. What's your point?
Re: (Score:2)
My point is that this guy might be having a laugh at his victims with his name.
Worked for me (Score:1)
Whaddya mean it's fake? I went for a nice simulated drive with a Nigerian Prince in the countryside.