

‘I Want To Expose Google’s Mistakes’: The Russian Hacker Blamed For A Big Android Fraud Problem



Google’s proud of its track record in protecting more than one billion Android phones and tablets from malevolent hackers. But in the last 12 months, it’s been dealt a few blows, including the biggest ad fraud to ever hit its mobile operating system and the most significant single theft of Google accounts thanks to an Android malware called Gooligan.

Those alarming events were set off via networks of cybercriminals focused on the platform, where coders combine their technical skills with the will and financial backing of organized gangs. Sometimes, the latter group don’t even have to pay for the former’s digital tools. Sometimes, the technically-savvy types open their minds for free.

That’s just what a character calling himself Maza-In did just before last Christmas, when he or she posted an in-depth guide on the hacker forum for creating Android “bankers” – malware designed to steal bank login details from users of Google’s platform. The post not only included directions, but source code for a banker too. There was also a description of the required backend infrastructure, all of which combined could deliver realistic-looking bank pages designed to trick victims into handing over their usernames and passwords.

And now, Android security experts have pinned a spike in banking malware on Maza-In and that post. They claim that Maza-In, in one fell swoop, caused a sudden leap in Android banking fraud, as cybercriminals took that open sourced code and adapted it to spread both in and outside Google’s official Play store. According to an independent researcher going by the moniker b0n1, as many as 60 variants of malware containing the Maza-In banker have been pushed out into the wider world by hackers hoping to make some easy money.

Making Millions From Paranoia

Check Point, which has been tracking the mini-explosion in Android bank fraud with ElevenPaths, a Telefónica security unit, told Forbes it had records of several dozen servers operating Maza-In’s malware, the largest of which controlled close to 3,000 bots. ElevenPaths said that, from Google Play alone, downloads of apps based on Maza-In’s code stood at above 10,000 and were expected to rise, not to mention the number of downloads outside the store.

Those aren’t massive numbers. But what Maza-In and those who adapted his work for their own machinations have proven repeatedly are flaws in Google Play’s security, namely the Bouncer technology that’s supposed to keep bad apples out. Just two weeks ago, a sample of BankBot, based on Maza-In’s creation, was seen inside Google Play initially disguised as a video downloader tool. On June 13th, a very similar looking video downloader was up on the market; underneath was, again, a banker using Maza-In’s work. Going further back to April, a malware called Charger, which also borrowed heavily from Maza-In, was doing much the same, but masquerading as a flashlight app inside the official store, ESET reported. All were removed from Google Play as soon as the tech giant was alerted, but not before thousands were infected.

“Before this Maza-In code, there were a lot of Android banking Trojans, for sure,” said ElevenPaths security researcher Sergio de los Santos. “But accessing the source code was not easy and this helps all kinds of people create variants and even get into Google Play. Giving a very simple and effective framework to create and manage your own banking Trojan opens the door to hundreds of profiles of attackers that want to get into business the easy way.

“Maza-in made it very simple to add different banks to attack, so you may see people from Latin America with their own samples focused on banks in there, UK people, Russians.”

A hacker responds

Maza-In says he is no cybercriminal, though. (As Maza-In uses a profile picture of Bob Marley, Forbes has chosen to refer to the hacker in the masculine). In an interview over encrypted chat, he said he only wanted to highlight weaknesses in Google’s operating system, not spawn a spike in Android cybercrime. He claimed, for instance, that despite security firms’ claims he was behind the BankBot banker, another individual was responsible.

Yet he was aware of the criminal use of his code, revealing others, whether they’d given the malware additional features or not, were selling it for between $2,000 and $3,000 a pop on the web’s underground markets. “I did not expect it to work out that way, that it would spread so much,” he told me in Russian (translated by Google Translate).

“I did not write an article to harm people… I’m interested in studying the holey Android, since Google is not able to make a good operating system… by this I wanted to show the vulnerability of the Android and thought that Google would take care of security.” Unlike security pros who disclose bugs in return for credit or monetary reward, Maza-In said he didn’t contact Google.

Industrial Thief On The Line, How Can I Rob You?

In describing just what he thought was wrong with Android security, he added: “The biggest problem is that the device can install any application, get full access to the device and can be substituted for fake banking applications [that can] intercept SMS [and] manage the device. In general, everything is possible.”

As for Check Point and ElevenPaths’ assessment he was a malware creator supporting criminal operations, Maza-In said they’d exaggerated. He even claimed to be working on an Android anti-virus application.

But whilst analysts from both firms agree there’s no evidence he’s actively exploiting Android devices, they say it’s clear he is a malware creator who’s not followed best practise in highlighting security issues. “The blog contains explicit evidence that Maza-in is indeed behind the malware. He also boasted about his malware not being caught until January on one forum,” said Daniel Padon, mobile security researcher at Check Point. According to Lookout Mobile Security researcher Michael Flossman, Maza-In is just one handle used by a crew of Android fraudsters running all the aforementioned fraud malware.

“If you really want to show how unsecure Android is, you write an article about it, you code a proof of concept, you contact the right people to spread the word,” said de los Santos, explaining his disbelief at Maza-In’s claims to innocence. “But creating a Trojan? Oh, come on.”

Whatever the hacker’s involvement in the murkier parts of the internet, he and those who took advantage of his guide have given Google a headache. The company didn’t respond to requests for comment. But with the frequent appearances of these bankers on Google Play, it’s apparent the company has some work to do to keep ne’er-do-wells out of the market and users’ Android devices. – Written by Thomas Fox-Brewster, FORBES STAFF


Surge Of Smartphone Apps Promise Coronavirus Tracking, But Raise Privacy Concerns




Topline: A pan-European team of researchers announced Wednesday their plan to release a smartphone app that would notify users if they’ve been exposed to someone infected with coronavirus, the latest example of tech-driven coronavirus solutions that have also raised concerns about user privacy.

  • A European project called Pan-European Privacy Preserving Proximity Tracing is working toward releasing a coronavirus tracing app in the next week that would use anonymous Bluetooth technology to track when a smartphone comes in close range with another, so if a user were to test positive for coronavirus those at risk of infection could be notified.
  • Contact tracing, or determining people who may have been exposed to someone with a virus, is an established aspect of pandemic control and was used effectively to tackle coronavirus in countries like China, Singapore and South Korea in the form of smartphone tracking.
  • University of Oxford researchers and the U.K. government are working on a similar project— but unlike other smartphone tracking systems, the British version in development would be based on voluntary participation and bet on citizens inputting their information out of a sense of civic duty.
  • The U.S. government is in talks with companies like Facebook and Google and other tech companies about tracking if users are social distancing using large amounts of anonymous, aggregated location data— this information is less precise, and more likely to anticipate outbreaks rather than pinpoint individuals who have been exposed to the virus.
  • 1.5 million Israelis have voluntarily downloaded a mobile app that alerts users if they’ve come into contact with someone with coronavirus— but Prime Minister Benjamin Netanyahu has still ordered that potential coronavirus carriers have their phones monitored, a controversial move the government says is necessary, as the 17% of the population using the app is not enough to fight off the pandemic.  
  • Moscow, on a city-wide lockdown since Monday, announced Wednesday that a new phone app that will allow officials to track the movements of people diagnosed with coronavirus in the capital city would be launched on Thursday, saying the government will lend a smartphone to anyone unable to download the app.

Crucial quote: “We’re exploring ways that aggregated anonymized location information could help in the fight against [coronavirus]. One example could be helping health authorities determine the impact of social distancing, similar to the way we show popular restaurant times and traffic patterns in Google Maps,” Google spokesman Johnny Luu told The Washington Post. He made sure to note it “would not involve sharing data about any individual’s location, movement, or contacts.”

Key background: Private and public entities alike are looking for ways to fight off coronavirus as the pandemic continues. On Wednesday, there were more than 900,000 confirmed cases worldwide and nearly 50,000 deaths. Officials told The New York Times that The National Health Service, Britain’s centralized national health system, is trusted by citizens— and paired with the strong data privacy laws in place, said they think people would agree to join the effort to share their private information to help trace infections. However, American tech firms are reported to still be skeptical about sharing substantial data with the U.S. government ever since Edward Snowden revealed the NSA was collecting information from the firms clandestinely.

Surprising fact: The information tech companies have access to data that sheds light on Americans’ behavior in light of the coronavirus pandemic. According to a Facebook analysis, restaurant visits fell about 80% in Italy and 70% in Spain— while Americans only stopped eating out at a rate of 31%.

Carlie Porterfield, Forbes Staff, Business



Apple Is Donating 9 Million Masks To Combat The Coronavirus




Topline: Apple will donate 9 million N95 protective masks to combat the coronavirus, Vice President Mike Pence said on Tuesday, making Apple one of several California tech companies pitching in as hospitals across the country report a shortage of protective gear.

  • Pence thanked Apple for agreeing to donate 9 million N95 respirator masks to healthcare facilities across the country during a press briefing on Tuesday.
  • Pence’s remarks come after Apple CEO Tim Cook tweeted over the weekend the company was “working to help source supplies for healthcare providers fighting COVID-19” and “donating millions of masks for health professionals in the US and Europe,” but did not offer more specifics.
  • N95 respirators are masks that form a protective seal around a wearer’s mouth, filtering out at least 95% of particles in the air, according to the Centers for Disease Control, which makes them necessary to protect healthcare workers from being exposed to the disease from patients.
  • Facebook has also said it is donating its stockpile of 720,000 masks purchased during the California wildfires last year, which degraded the air quality in the San Francisco Bay Area.
  • Apple did not immediately respond to a request for comment from Forbes asking if all of the donated masks were stockpiled because of the wildfires or if the company got them from somewhere else.

Chief critic: Teddy Schleifer, a reporter at Recode, wrote that health systems shouldn’t rely on the generosity of big tech companies to make up for the failures of the federal government. 

“But there is a risk in relying on corporate philanthropy—rather than the government—in solving this problem. For starters, it depends on the voluntary generosity of these companies to deal with an unprecedented emergency, an altruism that could vanish at any time,” he wrote.

Crucial quote: “And I spoke today, and the president spoke last week, with Tim Cook of Apple. And at this moment in time Apple went to their store houses and is donating 9 million N95 masks to healthcare facilities all across the country and to the national stockpile,” Pence said.

Key background: Apple is one of several California tech companies to give away N95 masks. In addition to Facebook, Salesforce, Tesla and IBM have also announced mask donations.

News peg: Doctors and nurses are sounding the alarm that they don’t have enough masks to protect healthcare workers. Not only does inadequate protective gear put important frontline health workers at risk, public health experts say, any situation endangering medical personnel may only further deplete the U.S. health system, which already doesn’t have enough capacity to handle a surge in cases. State officials in New York and Illinois have criticized President Donald Trump for not stepping in to force companies to manufacture masks or allocate masks from private companies to ensure that states don’t outbid each other for the same supplies.

Rachel Sandler, Forbes Staff, Breaking News



Video Games Are Being Played At Record Levels As The Coronavirus Keeps People Indoors




Topline: With school closures, mandatory work-from-home policies and lockdowns taking place in the U.S. as a result of the Covid-19 coronavirus pandemic, gaming has seen higher engagement, especially over this past weekend.

  • Steam, the most popular digital PC gaming marketplace, reached new heights Sunday, drawing a record 20,313,451 concurrent users to the 16-year-old service, according to third-party database SteamDB.
  • Counter-Strike: Global Offensive, released by Steam-owner Valve in 2012, seems to be the top beneficiary of the increased engagement, breaking its all-time peak on Sunday with 1,023,2290 concurrent players, topping its previous peak last month by a million, which itself beat the record set in April 2016.
  • Like other esports, CS:GO has had to cancel events due to the virus, particularly the Intel Extreme Masters in Katowice earlier this month, though its peak viewership reached over a million, making it one of the most watched tournaments in the esports’ history.
  • Activision Blizzard’s new free-to-play battle royale spinoff Call of Duty: Warzone, launched March 10 on PC, Xbox One and PlayStation 4, is also likely benefiting, drawing in a staggering 15 million in three days, besting the record 10 million in three days by last year’s battle royale sensation Apex Legends.
  • These new heights follow similar effects of the virus on China and Italy: Telecom Italia’s CEO told Bloomberg it saw a 70% increase in traffic over its landline network, with Fortnite playing a significant part, while Chinese live-streaming service Douyu experienced increased viewership of the country’s most popular games, according to market analyst Niko Partners.
  • While gaming was considered “recession proof” during the 2008 market crash, stocks aren’t immune to the current historic drops: software developers like Activision Blizzard are facing a 9% decrease in price year-to-date, while hardware companies that rely on Chinese manufacturing like Nintendo are seeing bigger drops of 24%.

What To Watch For: If these records keep rising as the closings and lockdowns continue. Arriving this week is Nintendo’s long-awaited Animal Crossing: New Horizons for the Switch console, a relaxing “life-simulator” that’s set to have a big day with many fans not-so-jokingly asking Nintendo to launch early.

Surprising Fact: Plague Inc., a game that tasks players with creating a virus that wipes out humanity, surged in popularity late January, becoming the top-paid game on the Chinese app store at one point, but the game has now been removed in China at the direction of the government.

Further Reading: So You’re Suddenly Working From Home And Want To Try Gaming? Here’s How To Get Started.

Matt Perez, Forbes Staff, Innovation
