Sophisticated Bribe Scheme Gets Malware Onto Chinese Antivirus Whitelist

An anonymous reader writes "Malware operators have bribed employees of a gaming company to bundle malware with their mobile apps." Because the app-maker reportedly had a good-faith agreement with China's biggest antivirus company, the apps were apparently whitelisted without a thorough check, according to Softpedia. They cite a report from Check Point which describes how attackers would later pretend to be shoppers on a popular Chinese site where pictures of the desired items are sent to sellers. "The seller would open the picture on a PC and become infected," writes Check Point, "because the Trojan would not be detected," and a subsequent request for a refund would deliver the login credentials for the seller's payment account.

"This example illustrates how important it is to avoid third-party stores and to instead at least rely on stores with more reliable security," argues Check Point. "But even still, stores like the App Store and Google Play aren't immune to threats."

Um... "Avoid 3rd Party Stores" except F-Droid!

[Freshly+Exhumed]

Please don't lump in F-Droid with all the calls to avoid 3rd party app stores.

Re:Um... "Avoid 3rd Party Stores" except F-Droid!

[Dutch+Gun]

Agreed, and I'd probably also exclude the Amazon store from being painted with that same brush. Malware infesting 3rd party Asian app stores isn't exactly news to someone who pays attention to these things. That alone accounts for a huge percentage of the malware found on Android devices.

Still, as a general rule, I think it still holds. If someone don't know enough to make that evaluation for themselves, it's probably best for them to stick to the official store.

Wrong conclusion

[enriquevagu]

Even after reading TFA, this example DOES NOT illustrate how important it is to avoid third-party stores.