29 C
Mumbai
Sunday, August 9, 2020
Tel: 8850717892

“Blur” Photo Campaign Targets Android Users

Home Security Awareness “Blur” Photo Campaign Targets Android Users
- Advertisement -

Must Read

Learnings from the Past: A tale of Indigenous Architecture and Sustainability

As much as we move ahead with time and technology, there is also a part of the past that...

7 Innovative Structures made from Recycled materials

Sustainability design has a wide spectrum of applicability. Beyond the typical materials like plastic and glass that are widely...

Human Centric Design

Architecture has a psychological effect on every human being, it could be both negative or positive. Due to a...
Ayush Dubey
Ayush Dubeyhttps://ayush7ad6.wordpress.com/
Ayush Dubey is an engineering student from IIIT Jabalpur. He has a comprehensive background in technology. Cybersecurity being his primary field of interest. He loves to meet people who are always in a hustle to learn new things. Currently, working as a writer at Blarrow Online Services Pvt. Ltd.
Recently, Google Play Store was found with 29 malicious photo editing apps with a combined 3.5 million downloads running out-of-context ad campaigns. This is not the first attack of its kind. The ability to track users’ data is often been misused by developers and cyber crooks to generate more revenue. Moreover, Google is an open-source platform rendering it an easy target for many notorious cyber campaigns.
Many notorious developers exploit this advantage to practice their nefarious activities. And recently Google Play Store was found to have 29 malicious photo “blur” apps launching OOC ads on the victim mobile. The mobile apps employed techniques to prevent detection from antivirus and also to pass the Play Store Security checks.

ChartreuseBlur Campaign

According to the report of White Ops Satori Threat Intelligence and Research Team most of the 29 malicious mobile apps were labelled with the ‘blur’ in their package name. This made them give the campaign name ChartreuseBlur. Researchers said that the malicious android apps “manifested suspiciously high volumes of ad traffic”.
The team found that the code snippet responsible for OCC ads was found on VirusTotal (VT). The snippets appear to be slight variations of the same base code with incremental changes. Developers did this to avoid detection by antivirus.

Photo Blur Apps

The applications were designed to provide a utility much in demand. To provide a depth-effect that usually comes with SLR and DSLR cameras. Usually called the blur effect, it is liked by many users who want to make their photographs appealing.
The victims of the campaign downloaded the apps as a photo editor tool, oblivious to the hidden intent of the applications.

Usual Drill

Researchers conducted an analysis on one of the apps, in particular, called Square Photo Blur, finding that its behaviour was consistent with all of the malicious apps.
Once downloaded the mobiles experience an influx of ads appearing out of nowhere, a phenomenon is known as out-of-context(OCC) ads. Researchers also found that the apps can deliver OCC ads every time a user wakes up the screen, plugs to charging or switching from cellular to WiFi and vice versa.
The distinct hallmark of the applications is that once downloaded, the applications play “hide & seek” with the device, forcing users to uninstall the apps from the settings, searching for the app from the long list. This makes it difficult for average users to locate the app and uninstall it.
The report stated that to stay undetected the developers used fake contact details for the apps in the campaign. Square Photo Blur was registered with the name “Thomas Mary” on Google Play Store which is completely fake.
As the researchers studied how the apps work (using Square Blur app), they found that the apps in the campaign have a three-stage payload evolution. The initial stages were harmful but an aid to the third stage where researchers noticed the nefarious activities.

Stage-I

As part of its malicious employment, the app is installed using a Qihoo packer. Researchers could not find anything suspicious about this methodology. The app also uses a truncated application called a stub app which often is used by developers to test other parts of the code of an application.

Stage-II

Here the app is used as a ‘wrapper’ around another Blur app, com.appwallet.easyblur, visible after Square Photo Blur is unpacked.
This was a failsafe stage “to trick users into believing they have downloaded a legitimate app with Square Photo Blur,” researchers observed.

Stage-III

Stage-3 of the app’s installation is where the app begins to get really malicious, says the report. It is in this stage that the malicious code generates the OOC ads, & it is in the form of packages com.bbb.*, e.g. com.bbb.NewIn.

How vulnerable is Android
How vulnerable is Android

Free access to a plethora of android apps creates the need to advertise the platforms. To accrue a handsome amount of revenue, applications use cookies to fetch apt data about a user. Android apps use this tracking data for advertising to generate revenue. Though it seems to be an invasion, it is this tracking data which kept the free access to the applications largely free. The thing is android users have little choice, but to accept the conditions, and keep being tracked—the little trade-off for using free apps.
Researchers said that if you have fallen prey to the campaign and have witnessed an influx of OCC ads on your device, immediately uninstall the application by opening settings and searching for the app in the apps’ list.
- Advertisement -

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

Human Centric Design

Architecture has a psychological effect on every human being, it could be both negative or positive. Due to a...
- Advertisement -

BadPower Attack: Your Smartphone May Explode While Charging

Recently, Chinese researchers have discovered rather a queer way to literally ‘destroy’ your smartphone through the mobile charger. This attack is known as the...

Learnings from the Past: A tale of Indigenous Architecture and Sustainability

As much as we move ahead with time and technology, there is also a part of the past that helps us learn new things....

TrickBot Anchor Malware Now Targets Linux Systems

Backdoor implementation is enhancing in every aspect. Cyber groups are employing techniques to execute malicious activities in the host system along with establishing persistence....

Rock of Ages 3: Make and Break Review

INTRODUCTION:- ROCK OF AGES 3: MAKE AND BREAK a Tower defence, racing type of video game played in single-player and multiplayer game mode. ROCK OF...

More Articles Like This

- Advertisement -