Google said it blocked more than 2.36 million Android policies applications that have been published on the Google Play App in 2024 and banned more than 158,000 bad accounts for developers who tried to publish such harmful applications.
The technical giant also noted that during this period of time it prevented 1.3 million applications from getting excessive or unnecessary access to sensitive users while working with third -party app developers.
In addition, Google Play Protect, A Security function This is allowed by default on the Android device for the flag of new threats that have discovered 13 million new malicious applications outside the official app store.
“As a result of close partnership with developers over 91% of applications are installed in Google Play store, which now use the latest Android 13 or more defense,” Bethel Otuteye and Khawaja Google Play Trust and Security – Note.
For comparison, the company has blocked 1.43 million and 2.28 million Risky apps from Play Store in 2022 and 2023 respectively.
Google also said the use of developers Play in API integrity .
In addition, the company’s efforts to Automatically block the boot Potentially dangerous applications in markets such as Brazil, Hong Kong, India, Kenya, Nigeria, Philippines, Singapore, South Africa, Thailand and Vietnam, provided 10 million devices with at least 36 million risky installation attempts by drawing more than 200,000 Unique applications.
Complementing these initiatives, Google this week has announced that it submits a new “proven” sign for VPN applications, which have come to consumers who have successfully completed your mobile app security (MASA). Google initially submitted this plan In November 2023.
“This new icon is designed to emphasize applications that prioritize privacy and security priorities help users make a more substantiated choice of VPN applications that they use, and create confidence in the supplements they ultimately load,” – Note.
If anything, data show that Android and Google Play protection is constant effort as the new malware continues to find the road to mobile devices.
The most recent example is Tria Ctyler, which was found primarily on Android users in Malaysia and Brunei. The company is believed to have been going on at least March 2024.
Distributed by personal and group chats in Telegram and WhatsApp as APK files, malicious applications require sensitive business permits, and Yahoo! Mail.
There are some data that suggest that malicious software is the work of the Indonesian threatening actor, due to the presence of artifacts written in Indonesian, and the names of the telegrams used to hold teams and control (C2) servers.
“Tria Steelre collects SMS victim data, tracks call logs, messages (eg WhatsApp and WhatsApp Business), as well as e -mail data (eg, Gmail and Outlook), Caspersorski – Note. “Tria theft highlights the data by sending them to different telegrams using API Telegram for communication.”
The stolen information is then used to kidnap personal messages such as WhatsApp and Telegram, and put themselves for the victims, trying to ask for money from contacts to their bank accounts, and to perpetuate AFU for all their family and friends.
The fact that TRIA theft can also retrieve SMS messages shows that operators can also use malicious software for theft of one-time passwords (OTPS), which potentially provides them with access to various online service, including bank accounts.
Caspersky said the company demonstrates some similarities with another cluster of activity that distributed a piece of malicious software called Udangastel in 2023 and in early 2024, focusing on Indonesian and Indian casualties using wedding invitation, delivery of packages and bait support Customers. However, at this stage there is no evidence to tie two families of malware to the same actor.
