This week we take a look at a flaw in the Google Play store’s app permissions, a banking Trojan found on Dictionary.com, and more.
After analysing more than 75,000 apps from the Google Play store, Zscaler has warned that the site's app permissions are seriously flawed. The firm found that:
- 68 per cent of apps that request SMS permissions ask for the ability to send SMS messages. With most Android malware currently targeting premium SMS fraud, this is concerning, especially as users tend to indiscriminately accept requested permissions without scrutinising whether or not they’re truly needed.
- 28 per cent of apps with SMS permissions also request read SMS access. This is somewhat unsettling as an increasing number of apps/services send codes via SMS for mobile banking or two-factor authentication.
Meanwhile, vSentry has discovered a banking Trojan on Dictionary.com. The attack is a variation on previously delivered banking Trojans. OBPUPDAT.EXE steals user account details and other information delivered to the browser, and captures user passwords. It can also download malicious software and allow remote access to the compromised device, explained the firm.
In other news:
- Kaspersky has announced that it has contributed to an alliance of law enforcement and industry to undertake measures against Shylock malware.
- The UK’s spy agency GCHQ has developed its own software tools to infiltrate the internet and manipulate what people see, according to a document leaked by Edward Snowden.