MediaCenter Panda Security


Careful! Phishing Targeting Google Play Android Developers!

Posted: 29 Jun 2015 03:01 AM PDT

We have detected a phishing campaign targeting Android developers who publish their creations on Google Play, Android's official app store. The From field of the email reads "Play Developer Support" and the subject is "Update your Account Informations", as you can see in the following screenshot:

[Image: phishing developers]

If you click on the link provided, you are redirected to a website that looks like Google, although obviously it isn't:

[Image: phishing gmail]
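One way to triage a message like the one described above, as an added example that is not part of the original post: it flags a Google-branded display name sent from a non-Google domain, and links whose host only looks like Google. The trusted-domain list, the brand words and the sample message (reserved .example domains) are assumptions constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains that genuine Google Play developer mail and links use.
TRUSTED_DOMAINS = ("google.com",)
BRAND_WORDS = ("google", "play developer")
# Constructed sample, not the real campaign mail; .example domains are reserved.
SAMPLE = (
    'From: "Play Developer Support" <support@play-dev.example>\n'
    "Subject: Update your Account Informations\n"
    "Content-Type: text/html\n\n"
    '<a href="https://accounts.google.com.signin.example/">Sign in</a>\n'
)

def in_trusted_domain(host):
    """True only for a trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

class LinkHosts(HTMLParser):
    """Collects the host of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append(urlsplit(href).hostname or "")

def check_message(raw):
    """Return a list of findings for one RFC 5322 message given as a string."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    display, addr = parseaddr(str(msg["From"]))
    sender_domain = addr.rpartition("@")[2]
    branded = any(word in display.lower() for word in BRAND_WORDS)
    if branded and not in_trusted_domain(sender_domain):
        findings.append(f"brand display name from untrusted domain: {sender_domain}")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = LinkHosts()
        parser.feed(body.get_content())
        findings += [f"link to untrusted host: {h}" for h in parser.hosts
                     if not in_trusted_domain(h)]
    return findings
```

`check_message(SAMPLE)` reports both the sender and the link. Because the From address itself can be forged, a check like this complements SPF/DKIM/DMARC results rather than replacing them.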

Phishing attacks are designed to steal credentials and users' identities, which is why they so often target customers of financial entities and all kinds of payment platforms. This case, however, is different: the attackers are not looking to drain the victim's account. They want those credentials because they can use them to spread malware through Google Play.

The most worrisome thing is how easy it would be for criminals to automate the whole process. You just need to:

  • Build a crawler (there are a number of open source projects to help with this task) to download information about all apps published on Google Play.
  • Parse that information to obtain developers' email addresses.
  • Send out a personalized phishing campaign; even the phishing page could be personalized for the specific developer so that the "conversion rate" is better.
  • As the attacker has the information about the apps published by each developer, an alert system could be built to warn the attacker each time a developer with a popular app (millions of downloads) has fallen into the trap.

From here, one of the easiest (and least sophisticated) attacks would be to publish malicious apps using that account. Imagine that someone manages to steal the developer credentials of Candy Crush and publishes Candy Crush 2 on the developer's behalf…

If the attackers were skilled enough and found a way to modify the developer's current app without using the private key (which cannot be obtained with the stolen credentials), they could publish an updated version of any app. In the example above, imagine that the attackers create an update of Candy Crush with a hidden Trojan in it: hundreds of millions of users would download and install it without ever suspecting they are being compromised.

The post Careful! Phishing Targeting Google Play Android Developers! appeared first on MediaCenter Panda Security.
