Despite Google's defenses for protecting Android's official marketplace, cybercriminals still manage to sneak in a banking Trojan, or two, or three, security researchers have discovered. Recently, security researchers from different security companies based in Europe disclosed on Twitter that they found several banking Trojans in Google Play. Lukas Stefanko of ESET antivirus vendor found three such malicious apps posing as astrology software that offered the horoscope. What they really divined, though, was theft of SMS and call logs, sending text messages in the victim’s name, downloading and installing apps without user approval, and stealing banking credentials. Before tweeting his findings, Stefanko reported the offensive entries to Google, who booted them from the store; but by the time of the removal, one of them had been downloaded more than 1,000 times, and over 500 users had added the other two to their Android devices. One of the malicious apps, which Stefanko noticed in its code that had been named Herobot, displayed a fake warning saying that it was incompatible and has been removed as a result. The malware remained on the device and acted in the background, requesting banking targets based on the apps present on the device. The malware researcher said that the command and control (C2) server was still alive when he tweeted about it. An important aspect is that all three Trojans discovered by Stefanko enjoyed a low detection rate. At the time of writing, the malware piece with the highest detection rate on VirusTotal was recognized by 12 out of 60 antivirus products; for the least detected one, only six saw its true colors. Complete details can be found on OUR FORUM.

Fraudulent tech-support services that buy online advertising space have grown in sophistication to a level that Google cannot distinguish them from legitimate providers. Operators of tech-support scams often operate just like a legitimate business to avoid detection and to ensure their success for a longer time. Sometimes even employees are unaware of the illegal activity. Over the past few years, scammers have begun to promote their activity through search ads, claiming to be an authorized service center for products from popular companies such as Apple, Microsoft or Dell. Playing on the user's trust in the results and ads provided by Google, most of the times the scammers just have to wait for the victim to call. The tactic is powerful because the potential victims are the ones placing the call, so they have already shown some trust in the service. Tech-support scammers have become more proficient at what they do. Apart from creating websites that instill trust, they also try to obtain as much information as possible about the victim or their machine, to help them make the deceit more difficult to spot. Symantec published at the beginning of August a report on how fraudulent tech-support activity has started to integrate call optimization, a service that allows them to dynamically insert phone numbers in web pages. There is more to this post on OUR FORUM.