Thu, Mar 30, 2017 | updated 10:24 AM IST

Like humans, Malware learns to bypass 'Anti-Fraud Mechanisms' of Google Play Store

Updated: Sep 01, 2016 15:20 IST

New Delhi [India], Sep 1 (ANI): Kaspersky Lab experts have discovered an Android trojan called Guerilla, which attempts to overcome the Google Play Store anti-fraud protection mechanisms.

Itusesa rogue Google Play client application that behaves as if there was a real human behind it. This fake app allows attackers to conduct shady advertisement campaigns using infected devices to download, install, rate and comment on the mobile applications published on Google Play.

The malware is only capable of abusing Google Play mechanisms from rooted devices.

As a platform for millions of users and software developers, Google Play is an attractive target for cybercriminals. Among other things, cybercriminals use the Google Play Store to conduct so-called Shuabang campaigns, which are widespread in China.

These are fraudulent advertisement activities aimed at promoting some legitimate apps by granting them the highest rates, increasing their download rates and posting positive comments about them on Google Play.

The apps used to conduct these advertisement campaigns usually do not pose any standard threat to the owner of an infected device, such as data or money stealing, but they can still do harm: the ability to download additional apps on the infected device results in extra charges for mobile Internet traffic, and in some cases Shabang apps are capable of covertly installing paid programs, along with free ones; using the bank card attached to the victim's Google Play account as the payment method.

To conduct these campaigns, criminals create multiple fake Google Play accounts or infect user devices with special malware, which covertly performs actions on Google Play, based on the commands received from hackers.

Although Google has strong protection mechanisms, which help detect and block fake users to prevent fraudulent operations, the authors of the Guerilla trojan seem to be trying to overcome them.

The trojan is delivered to the targeted device through Leech rootkit a malware that gives an attacker user privileges over the infected device. These privileges give the attacker unlimited opportunities to manipulate the data on the device.

Among other things it gives them access to the victim's username, passwords, and authentication tokens, which are mandatory for an app to communicate with official Google services, and are inaccessible to ordinary applications on non-rooted devices.

After installation, the Guerilla trojan uses this data to communicate with the Google Play Store as if it was real Google Play app.

The criminals are very cautious: they are careful enough to use the authentication data of a real user, and they also make requests from the fake client application, to Google Play,look exactly like requests that the real app would issue.

Another unusual thing about this trojan is that malware writers have tried to mimic the way an actual user interacts with the store. For instance, before it requests a page where a particular app is hosted, it searches for an app of interest, like a human would, should they need to find an app.

"Guerilla is not the first malicious app that tries to manipulate the Google Play store, but it does it in a pretty sophisticated way, that we haven't seen before. The thinking behind this method is clear: Google can probably easily distinguish requests to Google Play that were made by robots most of the Shuabang malware we know about just automatically sends out requests for the particular page of a particular app," said Security Expert at Kaspersky Lab, Nikita Buchka. (ANI)

New Delhi [India], Mar. 30 (ANI): Metropolitan Stock Exchange of India Limited (MSEI), the third national level stock exchange is all set to conduct a mock trading session in equity, equity derivatives and currency derivatives segments on April 1, 2017.

Full Story >>

New Delhi [India], Mar 29 (ANI): Cloudatix Biz India Ventures Pvt. Ltd, a young research startup emerging as a Smart City Solutions provider and Mediaguru, a global media services company that specializes in the entire life cycle of digital asset management services, digitization and monetization, recently launched 'Startup Accelerator Program and Internet College'.

Full Story >>

Dong Nai [Vietnam]/Tokyo[Japan], Mar.29 (ANI): Vietnam is experiencing a rapid economic growth as customers' purchasing abilities have increased that leads to opening up of supermarkets.

Full Story >>

Rajya Sabha passes Finance Bill

Updated: Mar 29, 2017 17:58 IST

New Delhi [India], Mar 29 (ANI): The Rajya Sabha on Wednesday passed the Finance Bill after various amendments presented by Union Finance Minister Arun Jaitley.

Full Story >>

New Delhi [India], Mar 29 (ANI): G-20 Framework Working Group (FWG) in its third meeting at Varanasi held discussions over the state of the global economy as well asG-20 agenda on inclusive growth and reports on strong, sustainable and balanced growth and G-20 enhanced structural reform agenda among others.

Full Story >>

New Delhi [India], Mar 29 (ANI): A consortium of Siemens and Sumitomo Electric Industries Ltd. has been awarded an order from Power Grid Corporation of India, the central transmission utility of India, to supply a high-voltage direct current (HVDC) transmission system.

Full Story >>

New Delhi [India], Mar 29 (ANI): TiE Delhi-NCR, the world's largest network of successful entrepreneurs and professionals presents the sixth edition of India Internet Day to facilitate all conversations around India's aspirations as a future world leader and sustained, well-distributed growth of our vibrant economy.

Full Story >>

New Delhi [India], Mar 29 (ANI): India's first mobile app based B2B E-commerce player WYDR has announced hiring of Alok Varman as their new Vice President, Operations.

Full Story >>

New Delhi [India], Mar 29 (ANI): India's healthcare apex body NATHEALTH on Wednesday announced its new leadership team for the year 2017-18.

Full Story >>

New Delhi [India], Mar 29 (ANI): Leading open digital payments company PayPal has announced its partnership with Vistarooms.com to enable foreign travelers travelling to India book hotels in a safe and seamless manner and on a platform they are familiar with.

Full Story >>

New Delhi [India], Mar 29 (ANI): APUS Group, China's fastest growing unicorn with over 510 million global users has acquired Venture Catalysts-backed Siftr Labs for an undisclosed amount.

Full Story >>

New Delhi [India], Mar 29 (ANI): The 33rd Edition of India Carpet Expo, Organized by Carpet Export Promotion Council at Pragati Maidan, New Delhi, has received overwhelming response from around 350 buyers from across the world in the second day of the Expo. India Carpet Expo "Showcasing new Fall-winter collection, as per the buyers' requirements in terms of size, design, color and quality which is grabbing the interest of the buyers.

Full Story >>

New Delhi [India], Mar. 29 (ANI): Lakshya Digital, India's leading game art development company is hosting the 'Keywords Game Art Summit' from March 28 to 31 March at Gurugram, to discuss India's growing prominence as a game art development hub for top publishers across the world.

Full Story >>

New Delhi [India], Mar. 29 (ANI): Citizen engagement platform LocalCircles conducted a poll regarding the impact of the Maternity Bill on employment figures among women in SMEs and Startups. The poll registered more than 4300 startups, SMEs and entrepreneurs as participants.

Full Story >>

New Delhi [India], Mar. 29 (ANI): FutureDial, a provider of device processing solutions partnered with Rocking Deals in order to examine and certify the quality of refurbished products that are being sold in the Indian market.

Full Story >>

New Delhi [India], Mar 29 (ANI-NewsVoir): Home Credit, one of the fastest growing NBFCs in India that has completed five years of operations in the country has emerged as the market leader in small ticket size loans.

Full Story >>

New Delhi [India], Mar. 29 (ANI): India's 'star serial entrepreneur' Sandeep Aggarwal announced plans of investing Rs. 20 Crore in up to 12 start-ups by the end of this year, in the areas of healthcare, tech and retail.

Full Story >>

New Delhi [India], Mar 29 (ANI): Union Finance Minister Arun Jaitley on Wednesday called the Goods and Services Tax (GST) Bill revolutionary, saying it will benefit all with the free movement of goods across the country.

Full Story >>

New Delhi [India], Mar 29 (ANI-NewsVoir): GoDaddy, the world's largest cloud platform dedicated to small, independent ventures, today announced the launch of GoDaddy's new Website Builder combining a mobile optimized website builder with an integrated set of marketing and e-commerce tools, making it easy for small businesses in India to attract visitors and drive results.

Full Story >>

Astana Expo-2017 road show held in Delhi

Updated: Mar 29, 2017 11:39 IST

New Delhi [India], Mar.29 (ANI): With less than three months to go for Expo-2017, an international exposition scheduled to take place between June 10 and September 10, 2017 in Astana, Kazakhstan, the Embassy of Kazakhstan in India and two leading tour operators of India and Kazakhstan --Sayat Travel (Kazakhstan) and Salvia Travels Pvt. Ltd. (India) - organised a road show on the theme "Travel the Great Silk Road and visit Astana Expo-2017" here.

Full Story >>