Security researchers from Trustwave's SpiderLabs have tested the tolerance level of Google's anti-malware Bouncer, its automated scanning component designed to prevent malicious Android apps from being published to the Google Play store. The researchers initially uploaded a benign app to the store and then gradually updated it with malicious routines over time. The result: Bouncer only kicked in once they pushed their experiment into high gear and dropped all pretence of subtlety.

Developed by Nicholas Percoco and Sean Schulte, the SMS Bloxor Android app claimed to simply filter and block incoming SMS messages, but it really only had a single purpose: to find the pain threshold of Google's Bouncer malware scanner. The researchers presented their findings at the Black Hat information security conference in Las Vegas.

For their experiment, the researchers initially uploaded the app without any malicious routines. This allowed them to establish, for example, the IP range of the Bouncer's servers. They then equipped their app with the ability to execute malicious program components only if it was started outside of the Bouncer's IP range.

Once the researchers had succeeded in getting their app past the Bouncer this way, they began to test its limits. First, they removed the IP filter, which didn't catch the attention of the malware scanner: new app versions could be added to the Play Store without any problems. Google only blocked the developer account once the researchers configured the alleged SMS blocker in such a way that it sent the address book of the Bouncer's simulated HTC smartphone to an external server every second. 24 hours later, the app had disappeared from the store.

To add the malicious program components, the developers used a technique that is also used by Facebook and Netflix apps: they uploaded the required features via Android's custom JavaScript bridge after the app had been installed on the prospective user's device. This can be done at runtime without updating the entire application.
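For reviewers who want to spot the pattern the article describes, features delivered through a JavaScript bridge after install, the following static check is an added example and not code from the researchers or the article. It assumes the bridge is Android's `WebView.addJavascriptInterface`; the file names, class names and URLs in the sample are constructed.

```python
import re

# Real Android WebView calls; the bridge exposes a Java object to page script.
BRIDGE = re.compile(r'\.addJavascriptInterface\s*\(\s*[^,]+,\s*"([^"]+)"\s*\)')
JS_ON = re.compile(r'\.setJavaScriptEnabled\s*\(\s*true\s*\)')
LOAD = re.compile(r'\.loadUrl\s*\(\s*([^)]*)\)')
BUNDLED = ("file:///android_asset/", "file:///android_res/")

def classify_load(arg):
    """Classify a loadUrl argument as bundled, remote, dynamic or other."""
    literal = re.fullmatch(r'"([^"]*)"', arg.strip())
    if not literal:
        return "dynamic"  # URL built at runtime: origin unknown to a static scan
    url = literal.group(1)
    if url.startswith(BUNDLED):
        return "bundled"  # content ships inside the reviewed APK
    if url.startswith(("http://", "https://")):
        return "remote"   # content can change after store review
    return "other"

def audit(sources):
    """Flag files where a script-enabled WebView exposes a bridge to content
    that is not bundled. Per-file granularity is a simplification."""
    findings = []
    for path, code in sorted(sources.items()):
        bridges = BRIDGE.findall(code)
        if not bridges or not JS_ON.search(code):
            continue
        kinds = {classify_load(a) for a in LOAD.findall(code)}
        risky = sorted(kinds & {"remote", "dynamic"})
        if risky:
            findings.append({"file": path, "bridges": bridges, "content": risky})
    return findings

# Constructed decompiled-source snippets, for illustration only.
SAMPLES = {
    "BlockerActivity.java": '''
        view.getSettings().setJavaScriptEnabled(true);
        view.addJavascriptInterface(new DeviceApi(this), "device");
        view.loadUrl("https://updates.example.invalid/features.html");''',
    "HelpActivity.java": '''
        help.getSettings().setJavaScriptEnabled(true);
        help.addJavascriptInterface(new HelpApi(), "help");
        help.loadUrl("file:///android_asset/help.html");''',
    "NewsActivity.java": '''
        news.loadUrl("https://news.example.invalid/");''',
}

if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding)
```

A hit is a prompt for manual review of what the bridged object exposes, since legitimate apps use the same mechanism.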