Mobile security news from September 2019

Instead of manually extracting links from my Telegram Channel (where I bookmark everything Android #infosec related) I decided to post regular Android Security Recap in a more convenient way for me: Telegram channel -> Links

You can find there 87 mobile security news published in September 2019.

Join the channel to receive latest Mobile security news right away.

Figure 1. Telegram channel

Harmful apps on Google Play in September 2019

Based on all the researches, blogs, articles, whitepapers, tweets etc. published last month, I did a recap of harmful apps with links to the sources.

In September 2019 there were discovered 172 harmful apps with over 335,952,400+ installs found on Google Play Store.

Figure 2. Harmful apps found on Google Play in September 2019

Adware

Google quietly removed at least 46 apps from the Play store belonging to iHandy, a major Chinese mobile developer (I could backtrack only 11, rest of them (35 apps) are not included)

Two adware apps with 600,000+ installs found on Google Play

Subscription Scam

Subscription Scam apps found on Google Play – 15 apps with 20,000,000+ installs

Hidden Ads

29 Hidden Ads trojans with 10,900,000+ installs found on Google Play

25 hidden adware found on Google Play with over 2,100,000 installs

Two hidden ads Trojans found on Google Play with 1,500,000+ installs

HiddenAd adware with 50,000+ installs found on Google Play

SMS Premium Subscription

Android Spy that signs you for SMS premium subscription (€6,71 per week) found in 24 apps on Google Play with 472,000+ installs

Hidden App

Seven HiddenApp Trojans found on Google Play with 310,000+ installs

Banking Trojan

Android banking Trojan – Hydra – found on Google Play with 10,000+ installs

Stalkware

Stalkerware app with 10,000+ installs found on Google Play

Fake Antivirus

Fake Antivirus app found on Google Play with 10,000+ installs

Credit Card Phishing

Two fake apps with all together 200+ installs requests credit card credentials [1] [2]

Fake Cryptocurrency Exchanges

Fake cryptocurrency exchange app found on Google Play that bypasses SMS 2FA by stealing SMS notifications

Fake App

Fake apps spread on iOS App Store and Google Play