Researchers Find Google Play Store Apps Were Actually Government Malware (vice.com)

← Back to Stories (view on slashdot.org)

Researchers Find Google Play Store Apps Were Actually Government Malware (vice.com)

Posted by msmash on Friday March 29, 2019 @02:50AM from the security-woes dept.

Security researchers have found a new kind of government malware that was hiding in plain sight within apps on Android's Play Store. And they appear to have uncovered a case of lawful intercept gone wrong. An anonymous reader writes: This new case once again highlights the limits of Google's filters that are intended to prevent malware from slipping onto the Play Store. In this case, more than 20 malicious apps went unnoticed by Google over the course of roughly two years. Motherboard has also learned of a new kind of Android malware on the Google Play store that was sold to the Italian government by a company that sells surveillance cameras but was not known to produce malware until now. Experts told Motherboard the operation may have ensnared innocent victims as the spyware appears to have been faulty and poorly targeted. Legal and law enforcement experts told Motherboard the spyware could be illegal. The spyware apps were discovered and studied in a joint investigation by researchers from Security Without Borders, a non-profit that often investigates threats against dissidents and human rights defenders, and Motherboard. The researchers published a detailed, technical report of their findings on Friday.

41 comments

Min score:

Reason:

Sort:

Lacking information by BringsApples · 2019-03-29 03:16 · Score: 5, Informative

Is anyone else tired of hearing about this sort of stuff (malware found in apps or whatever), where no one tells us what apps they determined to be malicious? Well, here ya go.

--
Politics; n. : A religion whereby man is god.
1. Re:Lacking information by dougTheRug · 2019-03-29 05:54 · Score: 1
  
  I was hoping they would name which government, as well.
2. Re:Lacking information by godel_56 · 2019-03-29 11:17 · Score: 1
  
  I was hoping they would name which government, as well.
  RTFA, it was Italy.
3. Re:Lacking information by dougTheRug · 2019-03-29 20:46 · Score: 1
  
  There was some screen block about cookies. It wasn't worth it, I learned now it was Italy!
Meh ... whatever ... by Anonymous Coward · 2019-03-29 03:20 · Score: 1

At this point, I assume that 99% of all apps are written by assholes, fucking assholes, and complete morons.
If they're not intentionally spying on you and not telling you, or actively being malware and scamming you, they're written by incompetent morons and still leaking your personal data.
I've given up on looking for, or caring about apps, and have been just un-installing most of them.
Most of them are little more than ad platforms at best, or trying to steal your money.
The state of mobile apps has been reduced to a pile of garbage by malicious and incompetent actors.
No thanks, I'll do my internet stuff on a browser I can run proper extensions to block third party shit. There's very little left in the domain of apps that add any value these days.
Apps were good and interesting for a while, but they've pretty much degraded to ads and analytics, with shit privacy. Fuck that.
1. Re:Meh ... whatever ... by Impy+the+Impiuos+Imp · 2019-03-29 03:25 · Score: 4, Funny
  
  "We use cookies to improve your* web site experience"
  * your adj : our e.g. "We improved your experience by telling a targeted ad company exactly what you click on, so they can improve our wallet experience."
  
  --
  (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
2. Re:Meh ... whatever ... by TigerPlish · 2019-03-29 03:36 · Score: 2
  
  Apps were good and interesting for a while, but they've pretty much degraded to ads and analytics, with shit privacy. Fuck that.
  That's true, that's true.. but there are still bizarre little apps that are useful and don't send data back to the mothership.. Gun Log SPC is godsend for avid shooters - it's the best gun / ammo / maintenance log i've seen, there's one called Mainspring that lets you tape your earpiece mic to the crystal of a watch so you can time it (a poor man's watch timer), ClockMaster (same but for clocks, better async detection). There's the various SPL meters.
  But I agree. Apps have for the most part turned into ad delivery platforms, and most paid apps have disappeared altogether, replaced by subscriptions.
  I went on a rampage on my phone, tossed all the freebies with ads, tossed most of the subs, and now refuse to buy sub apps unless it's abso-fucking-lutely necessary. I ended up with a stable core of apps that I use all the time, and that's pretty much it. I do'nt go app hunting in the app store like when I first got a smartphone 10 years ago. Now I go look when I have a specific need to fill that nothing else can do. Like Watch Tracker.
  My next app? a VPN of some sort. Time to deny AT&T all the info I can. Proton seems to rub the ussr the wrong way, so I'll take it.
  
  --
  The "Civilized World" jumped the shark ca. 1973.
3. Re:Meh ... whatever ... by Anonymous Coward · 2019-03-29 03:46 · Score: 1
  
  At this point, I assume that 99% of all apps are written by assholes, fucking assholes, and complete morons.
  That's definitely not what I see in the Debian/Ubuntu repos.
  
  The state of mobile apps has been reduced to a pile of garbage by malicious and incompetent actors.
  Ah, mobile. Yes, the form factor where we suddenly rejected & un-learned every painful lesson we had learned over the last few decades. I'll agree with you there: mobile has been a regressive disaster so far. Apple and Google are the new Microsoft, making extreme suckiness the ubiquitous norm.
  
  No thanks, I'll do my internet stuff on a browser I can run proper extensions to block third party shit.
  Actually on Android you've at least got Firefox, but it's still not as good as the desktop version.
4. Re:Meh ... whatever ... by Khyber · 2019-03-29 03:54 · Score: 1
  
  "Gun Log SPC is godsend for avid shooters"
  And a godsend for those wishing to possibly prove intent in a court of law.
  Fucking moron, ANY data can be used against you (Hence why "anything you say can and will be used against you in a court of law.")
  Stupid fucking git. Advertising your ammo capacity to the government which should have no business in your 2nd Amendment rights.
  
  --
  Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
5. Re: Meh ... whatever ... by Anonymous Coward · 2019-03-29 04:06 · Score: 0
  
  What's the google play store?
6. Re: Meh ... whatever ... by Anonymous Coward · 2019-03-29 04:06 · Score: 0
  
  Firefox on iPhone too, but Slashdot still hasnt added the three lines of code to prevent apostrophes from being screwed up when typed on iPhone. (still hasnâ(TM)t added)
7. Re: Meh ... whatever ... by Narcocide · 2019-03-29 04:12 · Score: 1
  
  It's actually a few more than 3 lines if you don't want it to create a giant security nightmare.
8. Re:Meh ... whatever ... by Anonymous Coward · 2019-03-29 04:16 · Score: 0
  
  Erroneous data you spewed was used against you Khyber https://tech.slashdot.org/comm...
9. Re: Meh ... whatever ... by TigerPlish · 2019-03-29 04:23 · Score: 1
  
  Ok, trollski comrade red. I'll bite. The app does not send data anywhere. It stores it locally.
  Other than being more convenient to me how is it any more of a risk than a spreadsheet in my pc or a paper and pencil notebook on me desk holding the same info?
  There's properly paranoid and then there's you.
  
  --
  The "Civilized World" jumped the shark ca. 1973.
10. Re:Meh ... whatever ... by Iwastheone · 2019-03-29 04:35 · Score: 1
  
  That's why I had to put NoRoot Firewall ( https://norootfirewall.weebly.... ) on my un-rooted Android phone. It has pre-installed apps like Facebook that can't be uninstalled.and have no right to send my info anywhere. A file manager/mp3 player or game app doesn't need internet access to function. I don't need ads popping up either.
11. Re: Meh ... whatever ... by Anonymous Coward · 2019-03-29 04:46 · Score: 0
  
  It's the name of the web site where the Yalp Store app gets all its data.
12. Re: Meh ... whatever ... by Anonymous Coward · 2019-03-29 04:49 · Score: 0
  
  That only happens to asshole hipster users who refuse to turn off the fucking curly quotes.
13. Re:Meh ... whatever ... by Anonymous Coward · 2019-03-29 08:31 · Score: 0
  
  We use cookies to improve your* web site experience
  And I edit cookie content to include a web server buffer overrun exploit. Antics ensue the next time I land on some advertiser's ad link.
14. Re: Meh ... whatever ... by Anonymous Coward · 2019-03-29 17:39 · Score: 0
  
  Creepy gestapo stalker trolls sure are creepy.
15. Re: Meh ... whatever ... by astrofurter · 2019-03-29 17:45 · Score: 1
  
  That website looks kinda shady. And I don't see source code available anywhere.
  Try NetGuard (https://www.netguard.me/). Same idea but FOSS. Works great for me.
Crap by fluffernutter · 2019-03-29 03:27 · Score: 2

As an Android owner, I don't really care about this. Don't install all kinds of crap and you'll be reasonably safe.

--
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
Run new apps through a proxy... by SuperKendall · 2019-03-29 03:31 · Score: 2

It's a pretty good idea to run new apps in an environment where you can monitor network traffic and see what they are sending.

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley
1. Re:Run new apps through a proxy... by MooseTick · 2019-03-29 03:56 · Score: 4, Insightful
  
  "It's a pretty good idea to run new apps in an environment where you can monitor network traffic and see what they are sending."
  Yeah. Everyone should do that the next time they install and/or update any app. It makes sense and we all love and know how to analyze network traffic. I'd also add waiting at least a year before using the app on a live device just in case it waits a while to exfiltrate data.
  Or, we can all use burner phones and rotate them monthly so its harder to be tracked. That would literally be an easier solution than isolating, monitoring, and analyzing network traffic for each app and determining they are not doing anything suspect.
  
  --
  Ninjas don't carry tic tacs
2. Re:Run new apps through a proxy... by Anonymous Coward · 2019-03-29 06:53 · Score: 0
  
  If I wrote an app like this I would generate a random d60 and not do anything suspicious until that many days went past.
The process is the solution. Opensource is part of by Anonymous Coward · 2019-03-29 03:48 · Score: 0

Anything not opensource should be viewed as guaranteed spyware. Anything that is opensource should have its code checked and rechecked by as many as possible.
That's not a guarantee nothing may crop up, its a process in order to improve your odds from being a victim.
Maliciousness comes in all forms and in the software world we are slowly working the processes to combat it.
Don't bother telling us which apps are malware by Opportunist · 2019-03-29 04:02 · Score: 2

That would be way more information than anyone could possibly want from an article like that. We want the ads and the fluff you create around it, certainly not the information which apps to avoid.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Could be illegal? by Anonymous Coward · 2019-03-29 04:32 · Score: 0

Legal and law enforcement experts told Motherboard the spyware could be illegal.

If it was meant for the Italian government, it could be illegal in Italy, for targets over there.
It certainly was illegal everywhere else as they have no jurisdiction.
Re:Ok, let's see "Khyber's ILLOGIC-LOGIC"... apk by fluffernutter · 2019-03-29 04:38 · Score: 1

I'm glad you posted that because he really hurt my feelings.

--
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
LOL! IF I was to post ALL Khyber's fuckups? apk by Anonymous Coward · 2019-03-29 04:48 · Score: 0

LOL! IF I was to post ALL Khyber's fuckups? You'd DIE laughing - I have literally DOZENS bookmarked of like ilk (total tech fuckups) & worse, THREATS to me he'd "sue me" - lmao, for WHAT?? FACTS about him?? No, that PUNY 110lb. 5'2" RUNT is just a victim of his DULL BRAIN & "napoleon complex", nothing more.
* IF you look @ his post history, you see a PATTERN of "impotent RaGe" giving others' guff ONLY TO END UP w/ EGG on HIS FACE, tons of times... it is TRULY hilarious, priceless & classic.
APK
P.S.=> Sorry if you feel he hurt your feelings but YOU are responsible for how YOU feel, not him - but giving that PUNY WEEZIL that much on YOUR part? Don't - he THRIVES on it since he HATES what he has DONE TO HIS WASTED LIFE (& that of his family too - he is a HUGE let-down & MISERY to them (I've looked into him after this 'effete threats' directed MY WAY I noted above which was for YEARS now, MANY TIMES, & nothing (like hiim)... It is how I know about his wreck of a "so-called 'life'' because from what I understood, he HAD potential, became a druggie waste & let anyone down who cared for his SORRY ass))... apk
1. Re:LOL! IF I was to post ALL Khyber's fuckups? apk by fluffernutter · 2019-03-29 05:11 · Score: 1
  
  I keep reading that you aren't nice, APK. What's up with that?
  
  --
  Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
Oh, please by WillAffleckUW · 2019-03-29 05:06 · Score: 2

You act is if Attorney General Barr authorized illegal wiretapping on all overseas telephone and other communication on Americans back during Iran-Contra, and never got legal authorization for any of this.
Personally, I enjoyed visiting the Yakima facility back in the day.
Now you act all shocked they upload apps designed to spy on you.

--
-- Tigger warning: This post may contain tiggers! --
"I'm whatever gothan needs me to be"... apk by Anonymous Coward · 2019-03-29 05:28 · Score: 0

See subject: & nice enough to give users more speed/security/reliability + anonymity for FREE using what you have NATIVELY:
I suggest you do the same (to the limit of your ability THAT GROWS if you 'pay it forward'):
Make a Wheel https://isc.sans.edu/forums/di... as I did:
APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p
APK Hosts File Engine 10++ SR-1 32/64-bit for Windows https://hosts-file.net/?s=Down...
* Those I "blow away" try SHIT on me w/ bs? Proof of the REAL DEAL (samples):
I BLOW 'em AWAY https://tech.slashdot.org/comm... + https://it.slashdot.org/commen... + https://yro.slashdot.org/comme...
APK
P.S.=> I'm a normal person: Nice UNTIL it's time to NOT be nice (& I'm no "politically correct" MILKSOP if someone takes potshots @ me, no F'ing way - I hit back as HARD as possible on as many levels as is possible & needed)... apk
1. Re: "I'm whatever gothan needs me to be"... apk by Anonymous Coward · 2019-03-29 07:21 · Score: 0
  
  And the biggest fag award goes to....
  aPK
2. Re: "I'm whatever gothan needs me to be"... apk by Anonymous Coward · 2019-03-29 09:12 · Score: 0
  
  No that one goes to you as you so 'bravely and courageously' stalk apk by unidentifiable anonymous like the skulking whimp you are.
TRANSLATION (IMHO)!!! by Anonymous Coward · 2019-03-29 08:03 · Score: 0

"Look people!!! EVIL GOVERNMENT is trying to destroy your PRIVACY!!! PROTEST YOUR EVIL GOVERNMENT!!! What are you waiting for???"
Ok, let's see "Khyber's ILLOGIC-LOGIC"... apk by Anonymous Coward · 2019-03-29 13:45 · Score: 0

Ok, let's see "Khyber's ILLOGIC-LOGIC" I had to correct his NOOBISHNESS on https://tech.slashdot.org/comm...
* I SEE YOU TRIED TO DOWNMOD HIDE THIS Khyber https://tech.slashdot.org/comm... NOW, isn't LOGIC the SEARCH FOR TRUTH?
FUNNY YOU TRY HIDE THE TRUTH THEN, lol...
APK
P.S.=> Logic like being a FELON Khyber? That's YOU Alex McQuown. Logic like being a HOMOSEXUAL (is sex's TRUE purpose PROCREATION?? Why YES it is - when YOU can produce a child yourself, then talk "logic" you ILLOGICAL abnormal TWISTED sodomite monstrosity)... apk
I am very gay by Anonymous Coward · 2019-03-29 17:50 · Score: 0

I am very gay. I just love sloppy rimjobs with geriatric dwarves.
- APK
FTFY by astrofurter · 2019-03-29 17:53 · Score: 1

"Researchers Find Google Is Actually Government Malware"
FTFY.
Still IMPERSONATING me JEALOUS "Lil' Jowie"? by Anonymous Coward · 2019-03-29 23:45 · Score: 0

u ADMIT u have a /. acct & STALK me by UNIDENTIFIABLE ac https://hardware.slashdot.org/... - YOU got ISSUES.
That's "best ya got"?
u WISH u were ME (as ur POOR imitation = the sincerest form of flattery).
WASTING ur life STALKING me by UNIDENTIFIABLE anon OR IMPERSONATING me?
Make a Wheel https://isc.sans.edu/forums/di... as I did giving users more speed/security/reliability & anonymity NATIVELY doing more for less vs. ANY single 'solution' via the best hosts file multiplatform:
APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p
APK Hosts File Engine 10++ SR-1 32/64-bit for Windows https://hosts-file.net/?s=Down...
APK
P.S.=> I BLOW U AWAY https://tech.slashdot.org/comm... + https://it.slashdot.org/commen... + https://yro.slashdot.org/comme...