Font apps on Google Play deliver spyware
Posted on 13.05.2013
Everybody should know by now that downloading apps from Google Play is not as safe as we all would like. Admittedly, the probability of downloading malware is much smaller than on third party online Android markets, but it still exists.

Webroot researchers have recently unearthed two apps that install additional fonts on an Android device, but also offer a way in for spyware.

The apps in question, Free Galaxy Classic Fonts and Galaxy Fonts, have since been removed from Google Play, but are still offered on their developer's official website.

Once the user downloads and runs one of the apps, and requests it to download and implement a new font, the app downloads the ikno.apk file - a spying app that forwards SMS, call logs, and location information to a web portal where the person doing the spying can review the information.

The official developer's site apparently offers users to download iKno from the Android Market, but the users actually downloads it from the site.



My theory is that this option is for those who willingly install the app on a target device (probably when its owner is not present), and the font apps on Google Play were used to make the target unwittingly install the spyware after the attacker recommended the apps to them.

As the apps have been removed and the Google Play account offering them has been shut down, it's impossible to tell whether the permissions requested by the apps indicate their secret nature - but the odds are they have.

Unfortunately, many users don't even review them, so investing in a good mobile security solution is a good idea.









Spotlight

Chrome extension thwarts user profiling based on typing behavior

Infosec consultant Paul Moore came up with a working solution to thwart a type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Wed, Jul 29th
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //