Be careful what you
download.
Researchers find apps spying on
their users available for download in the Android play store.
Four apps available
on the Google Play Store were spying on users in secret, according to research
released Friday by Mobile security company Lookout. Running a malicious code
that Lookout has dubbed Overseer, the apps could track your latitude and
longitude and collect information on who you were emailing when.
"That
information is incredibly valuable to an attacker who wants to find out where a
person is and who they're talking with," said Kristy Edwards, product
manager for security research at Lookout.
One of the apps,
called Embassy, functioned as advertised in the Play Store, letting users look
up their nation's embassy in foreign cities. In the meantime, it turned users'
phones into homing devices and sent out email contact lists to accounts hosted
on servers run by Facebook and Amazon. The other apps advertised themselves as
news apps but didn't actually work. Nonetheless, they also contained Overseer.
Google has since
removed the apps from the Play Store, according to a Lookout spokesperson.
Google confirmed that apps' removal but declined further comment.
Edwards said she
can't speculate on who created Overseer. She said the malicious software, which
hasn't been identified in any other mobile apps so far, uses a novel technique
to avoid detection.
Often, malicious
software shows its hand by sending data to a random server in a foreign
country. The fact that Overseer was sending user information to an account
hosted by a Facebook service makes everything look above board.
That's useful for bad
guys, because these days, companies are monitoring their employees' work phones
for proble
ms just like
Overseer. Tricks like these make it hard to see "weird traffic,"
Edwards said.
Source: C|Net
Source: C|Net
No comments:
Post a Comment