- Joined
- Aug 20, 2006
- Messages
- 13,000
Google’s Play Protect is a user-facing security screening process that scans apps you install, comparing their content against known malware components, and notifies you if any potential risks are found: unfortunately, it wasn’t good enough to catch obfuscated malware with up to 20 million installs on the Play Store. A technique called “packing,” used to hide the intended functionality of a piece of software, has proven effective in fooling Google’s automated systems.
...apps with ExpensiveWall request internet and SMS permissions, connect to a remote server at regular intervals, and run what is sent to it by the server in an embedded WebView. If you follow Android security, this might all sound a bit familiar, and that's because it's basically identical to another piece of malware discovered earlier this year. According to Check Point, Play Protect was configured to detect this malware previously, but it's now been "packed" to fool the existing checks.
...apps with ExpensiveWall request internet and SMS permissions, connect to a remote server at regular intervals, and run what is sent to it by the server in an embedded WebView. If you follow Android security, this might all sound a bit familiar, and that's because it's basically identical to another piece of malware discovered earlier this year. According to Check Point, Play Protect was configured to detect this malware previously, but it's now been "packed" to fool the existing checks.