{"id":11409,"date":"2018-02-07T12:10:05","date_gmt":"2018-02-07T20:10:05","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/02\/07\/news-5180\/"},"modified":"2018-02-07T12:10:05","modified_gmt":"2018-02-07T20:10:05","slug":"news-5180","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/02\/07\/news-5180\/","title":{"rendered":"Bogus hack apps hack users back for cryptocash"},"content":{"rendered":"<p><strong>Credit to Author: Nathan Collier| Date: Wed, 07 Feb 2018 19:30:00 +0000<\/strong><\/p>\n<p>Recently, we discovered a gold\u2026er\u2026APK mine of fake hacking apps. The &#8220;legitimate&#8221; versions of hack apps are intended to hack\u00a0<em>other\u00a0<\/em>apps in order to get something for free.\u00a0Although it\u2019s unclear what exactly these fake apps claim to hack,\u00a0the real hack job is done to unsuspecting users.<\/p>\n<h3>Search and you will find<\/h3>\n<p><strong>Disclaimer:<\/strong>\u00a0 I, and Malwarebytes, do not recommend the process I\u2019m about to outline below. Be that as it may, I\u2019m also not na\u00efve and know people do this all the time. In order to demonstrate the pitfalls of such an approach, I\u2019ll lay it all out for you.<\/p>\n<p>Say you want a hack for a particular app. Obviously, you aren\u2019t going to find such a hack on Google Play. So you fire up your favorite search engine and type in something like <em>&lt;app name&gt; hack apk.\u00a0<\/em>In this example, let\u2019s use<em> Lyft hack apk\u2014<\/em><a href=\"https:\/\/www.lyft.com\/\">Lyft<\/a> being, of course, the popular on-demand transportation company<em>. <\/em>There, right at the top of the results, is the link to the hack app you desire. You decide to play it<em> safe <\/em>and navigate to the source domain rather than the direct link to the hack app. 
It\u2019s a clean but simple-looking website called androidapk.world.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-21380 size-medium\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/website1-169x300.png\" alt=\"\" width=\"169\" height=\"300\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/website1-169x300.png 169w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/website1-338x600.png 338w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/website1.png 720w\" sizes=\"auto, (max-width: 169px) 100vw, 169px\" \/><\/p>\n<p>Convinced that such a clean-looking site has to be legitimate, you proceed to the Lyft hack app.<\/p>\n<p>Complete with app screenshots, a description of the app (stolen from Google Play), a FAQ, and a How to Install section, it looks promising. There is even a long list of tags so it can be easily searched\u2014which is how you navigated there in the first place. You roll the dice and click <em>Download APK\u2026<\/em><\/p>\n<h3>A bad roll of the dice<\/h3>\n<p>After install, you open the app and get a message that states you need to install one of three apps listed to unlock premium content.<\/p>\n<p>At this point, I suspect that a seasoned user would conclude that the jig is up and rush to uninstall, but let\u2019s just play this out anyway. The first link for <em>Castle Clash <\/em>redirects you to the legit Google Play version of the game\u2014okay, easy enough.\u00a0 The second link for <em>Final Fantasy XV <\/em>redirects to a broken link\u2014fail. 
The third and final link for <em>AppMatch Survey<\/em> redirects to a dreaded, but harmless survey that ends in, once again, installing an app from Google Play.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-21387 size-medium\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/app3-169x300.png\" alt=\"\" width=\"169\" height=\"300\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/app3-169x300.png 169w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/app3-338x600.png 338w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/app3.png 720w\" sizes=\"auto, (max-width: 169px) 100vw, 169px\" \/><\/p>\n<p>Besides the failed link, all the redirects equal a small payout to the evil doers if an app is installed. Thus the &#8220;run it for 30 seconds&#8221; disclaimer pop-up.<\/p>\n<p>After installing said app, and still no hack app and\/or premium content, you should be ready to uninstall this bogus hack job. Good luck finding the app&#8217;s shortcut icon though, because it doesn\u2019t exist. Luckily, it\u2019s not too hard to find in your apps list.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-21388\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/apps_list-169x300.png\" alt=\"\" width=\"169\" height=\"300\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/apps_list-169x300.png 169w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/apps_list-338x600.png 338w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/apps_list.png 720w\" sizes=\"auto, (max-width: 169px) 100vw, 169px\" \/><\/p>\n<p>In reality, I\u2019m a little disappointed and confused that the malware developers didn\u2019t hide their efforts more thoroughly. But hey, it\u2019s good news if you did unsuspectingly install it. 
Hopefully, if you did install, you go through the steps to uninstall in lieu of the missing shortcut. However, there is going to be a small percentage that don\u2019t bother and forget about its existence\u2014which is exactly what the bad actors are &#8220;banking&#8221; on. (Pun intended. Wait for it&#8230;)<\/p>\n<h3>Oh, mine!<\/h3>\n<p>So far, the attempts to dupe users seem bush league. Meanwhile, the true malicious intent has been running in the background all along. During the entire process of clicking through redirect links, the user may notice their mobile device being a tad slow. That\u2019s because a <a href=\"https:\/\/www.investopedia.com\/terms\/b\/bitcoin-mining.asp\">bitcoin miner<\/a> has been running the whole time. Under the Java class <em>com.coinhiveminer.CoinHive <\/em>is a <a href=\"https:\/\/getmonero.org\/\">Monero<\/a> JavaScript miner. Thus, we classify this bogus hack app as Android\/Trojan.CoinMiner.kki.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-21389\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/code-300x105.jpg\" alt=\"\" width=\"300\" height=\"105\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/code-300x105.jpg 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/code-600x210.jpg 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/code-470x165.jpg 470w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/code.jpg 1493w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<h3>Just a dish of adware<\/h3>\n<p>As if things couldn&#8217;t get worse, this fake hack app also comes with adware. Not surprising, as we are seeing a trend of <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/11\/new-trojan-malware-discovered-google-play\/\" target=\"_blank\" rel=\"noopener\">adware being added to various malware variants<\/a> as a way to gain extra revenue. 
This particular adware serves ad pop-ups, as seen below.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-21390\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/popup-169x300.png\" alt=\"\" width=\"169\" height=\"300\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/popup-169x300.png 169w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/popup-338x600.png 338w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/popup.png 720w\" sizes=\"auto, (max-width: 169px) 100vw, 169px\" \/><\/p>\n<h3>Snake eyes<\/h3>\n<p>At the beginning of this blog post, I mentioned that I was not na\u00efve to the fact that people willingly install hack apps. I ask you, dear readers, to not be na\u00efve as well. Trying to find workarounds to get apps for free that are otherwise paid apps on Google Play is a gamble. The odds are against you by going to third-party app stores to install apps for free, or finding hack apps like the one described above.\u00a0 This roll of the dice ends in snake eyes.<\/p>\n<p>In the scenario above, I\u2019m not sure how anything is being <em>hacked <\/em>from the aforementioned Lyft Hack app. As a matter of fact, this should be the first clue something is fishy. As with anything in life, use your best judgment when installing apps onto your mobile device. Consequently, installing an app from a shady app store, even if it does look legit, could cost you. 
Stay safe out there!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/02\/bogus-hack-apps-hack-users-back-for-cryptocash\/\">Bogus hack apps hack users back for cryptocash<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/02\/bogus-hack-apps-hack-users-back-for-cryptocash\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Nathan Collier| Date: Wed, 07 Feb 2018 19:30:00 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/02\/bogus-hack-apps-hack-users-back-for-cryptocash\/' title='Bogus hack apps hack users back for cryptocash'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/featured_Hacked-by-a-hack-1.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>Recently, we discovered a gold mine of fake hack apps that mine for Monero cryptocurrency and serve up annoying adware.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/cybercrime\/\" rel=\"category tag\">Cybercrime<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/cybercrime\/mobile\/\" rel=\"category tag\">Mobile<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/adware\/\" rel=\"tag\">adware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/android\/\" rel=\"tag\">Android<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/coin-hive\/\" rel=\"tag\">coin hive<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/coin-miners\/\" rel=\"tag\">coin miners<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/hack\/\" rel=\"tag\">hack<\/a><a 
href=\"https:\/\/blog.malwarebytes.com\/tag\/hack-app\/\" rel=\"tag\">hack app<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/mobile\/\" rel=\"tag\">Mobile<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/trojan\/\" rel=\"tag\">trojan<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/02\/bogus-hack-apps-hack-users-back-for-cryptocash\/' title='Bogus hack apps hack users back for cryptocash'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/02\/bogus-hack-apps-hack-users-back-for-cryptocash\/\">Bogus hack apps hack users back for cryptocash<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10468,10462,15897,17204,4503,4980,17452,10554,10833],"class_list":["post-11409","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-adware","tag-android","tag-coin-hive","tag-coin-miners","tag-cybercrime","tag-hack","tag-hack-app","tag-mobile","tag-trojan"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11409","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11
409"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11409\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11409"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11409"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11409"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}