as informed in
Security researchers have discovered a new Android trojan named Skyfin that can infiltrate the local Play Store Android app and download or purchase other apps behind the user’s back.
Skyfin injects itself in Play Store app processWhile Android.DownLoader itself could be used to download other apps, Skyfin appears to be a trojan specialized in seamlessly infiltrating the standard Google Play Store app, containing features built specifically for this role.
According to Dr.Web, a security firm based in Russia, one of the apps downloaded in some of these instances contains the Skyfin trojan.
Skyfin can perform all these actions by injecting itself in the native Google Play Store app process and by stealing and mimicking the device’s unique ID, the phone owner’s Google account, and internal authorization codes.
After Google removed the app from the Play Store, subsequent Skyfin infections contacted a command and control server from where they retrieved a list of apps they had to install.
38% of Android VPN Apps on Google Play Store Plagued with Malware
The fact cannot be overlooked that these VPN apps are used by hundreds and thousands of users across the globe.
“In spite of the promise of privacy, security and anonymity given by the majority of VPN apps – millions of users may be unawarely [sic] subject to poor security guarantees and abusive practices inflicted by VPN apps,” concluded the team.
Research conducted by Australia’s Commonwealth Scientific and Industrial Research Organisation (CSIRO) and the University of South Wales and UC Berkley found that nearly 38% of Android VPN apps are infected with malware; making blind trust of these apps a not so prudent move.
Must Read: 7 Online Activities That Can Get You ArrestedThe research teams studied around 234 VPN apps that were uploaded on Google Play Store and a startling one-third were identified to be tracking users via malware.
Kaafar advises that users must pay attention to the permissions demanded by the downloaded apps and they must learn about the seriousness of issues that are associated with infected VPN apps.
collected by :Mina Lony