{"id":146968,"date":"2022-12-03T13:02:10","date_gmt":"2022-12-03T13:02:10","guid":{"rendered":"https:\/\/harchi90.com\/android-phone-makers-encryption-keys-stolen-and-used-in-malware\/"},"modified":"2022-12-03T13:02:10","modified_gmt":"2022-12-03T13:02:10","slug":"android-phone-makers-encryption-keys-stolen-and-used-in-malware","status":"publish","type":"post","link":"https:\/\/harchi90.com\/android-phone-makers-encryption-keys-stolen-and-used-in-malware\/","title":{"rendered":"Android Phone Makers&#8217; Encryption Keys Stolen and Used in Malware"},"content":{"rendered":"<div>\n<p><span class=\"lead-in-text-callout\">While Google develops<\/span> its open source Android mobile operating system, the \u201coriginal equipment manufacturers\u201d who make Android smartphones, like Samsung, play a large role in tailoring and securing the OS for their devices.  But a new finding that Google made public on Thursday\u200b reveals that a number of digital certificates used by vendors to validate vital system applications were recently compromised and have already been abused to put a stamp of approval on malicious Android apps.<\/p>\n<p class=\"paywall\">As with almost any computer operating system, Google&#8217;s Android is designed with a \u201cprivilege\u201d model, so different software running on your Android phone, from third-party apps to the operating system itself, are restricted as much as possible and only allowed system access based on their needs.  This keeps the latest game you&#8217;re playing from quietly collecting all your passwords while allowing your photo editing app to access your camera roll, and the whole structure is enforced by digital certificates signed with cryptographic keys.  If the keys are compromised, attackers can grant their own software permissions it shouldn&#8217;t have. <\/p>\n<p class=\"paywall\">Google said in a statement on Thursday that Android device manufacturers had rolled out mitigations, rotating keys and pushing out the fixes to users&#8217; phones automatically.  And the company has added scanner detections for any malware attempting to abuse the compromised certificates.  Google said it has not found evidence that the malware snuck into the Google Play Store, meaning that it was making the rounds via third-party distribution.  Disclosure and coordination to address the threat happened through a consortium known as the Android Partner Vulnerability Initiative.<\/p>\n<p class=\"paywall\">\u201cWhile this attack is quite bad, we got lucky this time, as OEMs can quickly rotate the affected keys by shipping over-the-air device updates,\u201d says Zack Newman, a researcher at the software supply-chain security firm Chainguard, which did some analysis of the incident. <\/p>\n<p class=\"paywall\">Abusing the compromised \u201cplatform certificates\u201d would allow an attacker to create malware that is anointed and has extensive permissions without needing to trick users into granting them.  The Google report, by Android reverse engineer \u0141ukasz Siewierski, provides some malware samples that were taking advantage of the stolen certificates.  They point to Samsung and LG as two of the manufacturers whose certificates were compromised, among others.<\/p>\n<p class=\"paywall\">LG did not return a request from WIRED for comment.  Samsung acknowledged the compromise in a statement and said that \u201cthere have been no known security incidents regarding this potential vulnerability.\u201d<\/p>\n<p class=\"paywall\">Though Google seems to have caught the issue before it spiraled, the incident underscores the reality that security measures can become single points of failure if they aren&#8217;t designed thoughtfully and with as much transparency as possible.  Google itself debuted a mechanism last year called Google Binary Transparency that can act as a check of whether the version of Android running on a device is the intended, verified version.  There are scenarios in which attackers could have so much access on a target&#8217;s system that they could defeat such logging tools, but they are worth deploying to minimize damage and flag suspicious behavior in as many situations as possible.<\/p>\n<p class=\"paywall\">As always, the best defense for users is to keep the software on all their devices up to date. <\/p>\n<p class=\"paywall\">\u201cThe reality is, we will see attackers continue to go after this type of access,\u201d Chainguard&#8217;s Newman says.  \u201cBut this challenge is unique to Android, and the news is that security engineers and not good building solutions researchers have made significant progress that prevent, detect, and enable recovery from these attacks.\u201d<\/p>\n<\/div>\n<p>    .<\/p>\n","protected":false},"excerpt":{"rendered":"<p>While Google develops its open source Android mobile operating system, the \u201coriginal equipment manufacturers\u201d who make Android smartphones, like Samsung, play a large role in tailoring and securing the OS for their devices. But a new finding that Google made public on Thursday\u200b reveals that a number of digital certificates used by vendors to validate &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/harchi90.com\/android-phone-makers-encryption-keys-stolen-and-used-in-malware\/\"> <span class=\"screen-reader-text\">Android Phone Makers&#8217; Encryption Keys Stolen and Used in Malware<\/span> Read More &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[4],"tags":[3758,5166,4838,16784],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Android Phone Makers&#039; Encryption Keys Stolen and Used in Malware - harchi90<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQmh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL9IBRWh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL2FtcA?oc=5\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Android Phone Makers&#039; Encryption Keys Stolen and Used in Malware - harchi90\" \/>\n<meta property=\"og:description\" content=\"While Google develops its open source Android mobile operating system, the \u201coriginal equipment manufacturers\u201d who make Android smartphones, like Samsung, play a large role in tailoring and securing the OS for their devices. But a new finding that Google made public on Thursday\u200b reveals that a number of digital certificates used by vendors to validate &hellip; Android Phone Makers&#8217; Encryption Keys Stolen and Used in Malware Read More &raquo;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQmh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL9IBRWh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL2FtcA?oc=5\" \/>\n<meta property=\"og:site_name\" content=\"harchi90\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-03T13:02:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/media.wired.com\/photos\/638a1262aa4a1f0bae395b87\/191:100\/w_1280,c_limit\/Android_Sec_GettyImages-1238866620-(1).jpg\" \/>\n<meta name=\"author\" content=\"islamlacoste58\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/media.wired.com\/photos\/638a1262aa4a1f0bae395b87\/191:100\/w_1280,c_limit\/Android_Sec_GettyImages-1238866620-(1).jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"islamlacoste58\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/harchi90.com\/android-phone-makers-encryption-keys-stolen-and-used-in-malware\/\",\"url\":\"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQmh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL9IBRWh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL2FtcA?oc=5\",\"name\":\"Android Phone Makers' Encryption Keys Stolen and Used in Malware - harchi90\",\"isPartOf\":{\"@id\":\"https:\/\/harchi90.com\/#website\"},\"datePublished\":\"2022-12-03T13:02:10+00:00\",\"dateModified\":\"2022-12-03T13:02:10+00:00\",\"author\":{\"@id\":\"https:\/\/harchi90.com\/#\/schema\/person\/0689156e87fbe869f0e5efdeef200d5b\"},\"breadcrumb\":{\"@id\":\"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQmh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL9IBRWh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL2FtcA?oc=5#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQmh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL9IBRWh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL2FtcA?oc=5\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQmh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL9IBRWh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL2FtcA?oc=5#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/harchi90.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Android Phone Makers&#8217; Encryption Keys Stolen and Used in Malware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/harchi90.com\/#website\",\"url\":\"https:\/\/harchi90.com\/\",\"name\":\"harchi90\",\"description\":\"Just another WordPress site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/harchi90.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/harchi90.com\/#\/schema\/person\/0689156e87fbe869f0e5efdeef200d5b\",\"name\":\"islamlacoste58\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/harchi90.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5bf7491076e3822b8e0de7b1f9364d75?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5bf7491076e3822b8e0de7b1f9364d75?s=96&d=mm&r=g\",\"caption\":\"islamlacoste58\"},\"sameAs\":[\"http:\/\/harchi90.com\"],\"url\":\"https:\/\/harchi90.com\/author\/islamlacoste58\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Android Phone Makers' Encryption Keys Stolen and Used in Malware - harchi90","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQmh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL9IBRWh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL2FtcA?oc=5","og_locale":"en_US","og_type":"article","og_title":"Android Phone Makers' Encryption Keys Stolen and Used in Malware - harchi90","og_description":"While Google develops its open source Android mobile operating system, the \u201coriginal equipment manufacturers\u201d who make Android smartphones, like Samsung, play a large role in tailoring and securing the OS for their devices. But a new finding that Google made public on Thursday\u200b reveals that a number of digital certificates used by vendors to validate &hellip; Android Phone Makers&#8217; Encryption Keys Stolen and Used in Malware Read More &raquo;","og_url":"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQmh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL9IBRWh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL2FtcA?oc=5","og_site_name":"harchi90","article_published_time":"2022-12-03T13:02:10+00:00","og_image":[{"url":"https:\/\/media.wired.com\/photos\/638a1262aa4a1f0bae395b87\/191:100\/w_1280,c_limit\/Android_Sec_GettyImages-1238866620-(1).jpg"}],"author":"islamlacoste58","twitter_card":"summary_large_image","twitter_image":"https:\/\/media.wired.com\/photos\/638a1262aa4a1f0bae395b87\/191:100\/w_1280,c_limit\/Android_Sec_GettyImages-1238866620-(1).jpg","twitter_misc":{"Written by":"islamlacoste58","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/harchi90.com\/android-phone-makers-encryption-keys-stolen-and-used-in-malware\/","url":"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQmh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL9IBRWh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL2FtcA?oc=5","name":"Android Phone Makers' Encryption Keys Stolen and Used in Malware - harchi90","isPartOf":{"@id":"https:\/\/harchi90.com\/#website"},"datePublished":"2022-12-03T13:02:10+00:00","dateModified":"2022-12-03T13:02:10+00:00","author":{"@id":"https:\/\/harchi90.com\/#\/schema\/person\/0689156e87fbe869f0e5efdeef200d5b"},"breadcrumb":{"@id":"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQmh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL9IBRWh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL2FtcA?oc=5#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQmh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL9IBRWh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL2FtcA?oc=5"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMiQmh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL9IBRWh0dHBzOi8vd3d3LndpcmVkLmNvbS9zdG9yeS9hbmRyb2lkLXBsYXRmb3JtLWNlcnRpZmljYXRlcy1tYWx3YXJlL2FtcA?oc=5#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/harchi90.com\/"},{"@type":"ListItem","position":2,"name":"Android Phone Makers&#8217; Encryption Keys Stolen and Used in Malware"}]},{"@type":"WebSite","@id":"https:\/\/harchi90.com\/#website","url":"https:\/\/harchi90.com\/","name":"harchi90","description":"Just another WordPress site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/harchi90.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/harchi90.com\/#\/schema\/person\/0689156e87fbe869f0e5efdeef200d5b","name":"islamlacoste58","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/harchi90.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/5bf7491076e3822b8e0de7b1f9364d75?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5bf7491076e3822b8e0de7b1f9364d75?s=96&d=mm&r=g","caption":"islamlacoste58"},"sameAs":["http:\/\/harchi90.com"],"url":"https:\/\/harchi90.com\/author\/islamlacoste58\/"}]}},"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":145902,"url":"https:\/\/harchi90.com\/major-security-leak-left-samsung-android-phones-vulnerable\/","url_meta":{"origin":146968,"position":0},"title":"Major security leak left Samsung &#038; Android phones vulnerable","date":"December 2, 2022","format":false,"excerpt":"A major security leak has led to the creation of \u201ctrusted\u201d malware apps that can gain access to the entire Android operating system on devices from Samsung, LG, and others. As shared by Googler \u0141ukasz Siewierski (via Mishaal Rahman), Google's Android Partner Vulnerability Initiative (APVI) has publicly disclosed a new\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":148856,"url":"https:\/\/harchi90.com\/long-running-major-vulnerability-left-millions-of-android-handsets-wide-open-to-data-theft\/","url_meta":{"origin":146968,"position":1},"title":"Long-running major vulnerability left millions of Android handsets wide open to data theft","date":"December 5, 2022","format":false,"excerpt":"According to a tweet from Google's \u0141ukasz Siewierski (via Mishaal Rahman, 9to5Google), hackers and \"malicious insiders\" have been able to leak the platform signing keys used by several Android manufacturers to sign system apps used on Android devices. These signing keys are used to guarantee that the apps and even\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":146380,"url":"https:\/\/harchi90.com\/samsungs-android-app-signing-key-has-leaked-is-being-used-to-sign-malware\/","url_meta":{"origin":146968,"position":2},"title":"Samsung&#8217;s Android app-signing key has leaked, is being used to sign malware","date":"December 2, 2022","format":false,"excerpt":"A developer's cryptographic signing key is one of the major linchpins of Android security. Any time Android updates an app, the signing key of the old app on your phone needs to match the key of the update you're installing. The matching keys ensure the update actually comes from the\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":149024,"url":"https:\/\/harchi90.com\/delete-these-malware-apps-from-your-android-asap\/","url_meta":{"origin":146968,"position":3},"title":"Delete These Malware Apps From Your Android ASAP","date":"December 5, 2022","format":false,"excerpt":"photo: Proxima Studio (Shutterstock)It's unfortunate how often we hear about apps containing malware on Google's platform (not that they're alone with a malware problem). Each time we learn about new trojans, it's a reminder to stay diligent when downloading new apps. This time, the newly-discovered apps have over two million\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":117487,"url":"https:\/\/harchi90.com\/these-malware-apps-are-still-live-on-the-google-play-store\/","url_meta":{"origin":146968,"position":4},"title":"These Malware Apps Are Still Live on the Google Play Store","date":"November 4, 2022","format":false,"excerpt":"photo: BigTunaOnline (Shutterstock)Malware is a problem that affects all platforms\u2014including Apple\u2014but it's Android that seems to face the majority of cases these days. Stories pop up far too frequently concerning newly discovered batches of malicious apps on the Play Store. This time, there are four of them, one with over\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":111033,"url":"https:\/\/harchi90.com\/these-malware-dropper-apps-have-thousands-of-play-store-downloads-delete-them-now\/","url_meta":{"origin":146968,"position":5},"title":"These malware dropper apps have thousands of Play Store downloads \u2014 delete them now","date":"October 28, 2022","format":false,"excerpt":"A new set of malware dropper apps have been discovered on the Google Play Store, with these apps using fake updates to install banking trojans on the devices of unsuspecting users.As reported by BleepingComputer (opens in new tab), malware droppers have a much easier time than malicious apps getting onto\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"fifu_image_url":"https:\/\/media.wired.com\/photos\/638a1262aa4a1f0bae395b87\/191:100\/w_1280,c_limit\/Android_Sec_GettyImages-1238866620-(1).jpg","_links":{"self":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/146968"}],"collection":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/comments?post=146968"}],"version-history":[{"count":0,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/146968\/revisions"}],"wp:attachment":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/media?parent=146968"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/categories?post=146968"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/tags?post=146968"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}