Search This Blog

Showing posts with label Google Apps. Show all posts

Google Play Protect Shields Users From Cyberattacks


The leading Android devices all use Google Play Services as a key component. It serves as a link between the Android OS and programs, mostly Google programs and programs from other developers that make use of Google authentication, cloud services, and Game Dashboard.

You could use an Android app that protects users from severe cyberattacks and operates through the official Google Play store called Google Play Protect.

According to a security notice from Google, "Google Play Protect removes apps that have been marked as potentially hazardous because the app actually contains malicious behavior, not only because we are unsure if the app is harmful or not."

Before allowing you to download an app, the feature verifies its security. To deceive users into manually installing the infected files, some of these malicious sites invite victims to download phoney security tools or upgrades.

Four malicious apps were detected by research:
  • Bluetooth App Sender
  • Bluetooth Auto Connect
  • Driver: Bluetooth, USB, Wi-Fi
  • Mobile Transfer: smart switch
More than a million people have downloaded all of the applications together, and they invite a significant danger of identity theft and scams.

"These apps offer capabilities that consumers desire, such as device rooting and other developer features. Users knowingly install these potentially hazardous apps," as per Google.

Essentially Google Play Protect will initially issue a warning about the app's possible dangers when a user starts to install an app that Google has categorized as 'user-wanted.'  Google will not send any more warnings if the user decides to install the program anyhow.

Main functions of Google Play Protect:
  • Verifies the security of downloaded programs from the Google Play store.
  • Detects potentially hazardous programs outside the Google Play store.
  • Warns you about hazardous applications.
  • Removes or disables unwanted applications.
  • Alerts you to apps that break the rules by hiding or making false representations of themselves.
  • Sends you privacy alerts about applications that may request access to your personal information.
  • To protect your privacy, reset your app's permissions.
Google stated in its security note that "after installation, the user-wanted classifications restrict Google Play Protect from delivering additional warnings, so there is no disturbance to the user experience."

The Google Play Services platform also enables Google to push Project Mainline modules, allowing your device to receive security upgrades without having to wait for the producer to release them.

Fraudsters are Exploiting Google Apps to Steal Credit Card Details

 

Threat actors are using a novel approach to steal the credit card details of e-commerce shoppers by exploiting Google’s Apps Script business application platform. Threat actors are abusing Google Apps Script domain ‘script.google.com’ to hide their malicious activities from malware scan engines and evade Content Security Policy (CSP) controls.

Eric Brandel, a cybersecurity researcher unearthed the scam while analyzing Early Breach Detection data provided by Sansec, a cybersecurity firm focused on fighting digital skimming. Brandel explained that threat actors bank on the fact that the majority of the online stores would have whitelisted all Google subdomains in their respective CSP configuration (a security protocol for blocking suspicious code execution in web apps). They take advantage of this trust and abuse the App script domain to route the stolen data to a server under their possession. 

Once, the malicious script was injected by the fraudsters in the e-commerce site, all the payment details stolen from the exploited e-commerce site were transferred as base64 encoded JSON data to a Google Apps Script custom app, using script.google.com as an exfiltration endpoint. Then, the stolen data was transferred to another server - Israel-based site analit. tech – handled by fraudsters.

Sansec stated that “the malware domain analit[.]tech was registered on the same day as previously discovered malware domains hotjar[.]host and pixelm[.]tech, who are hosted on the same network.” Google services such as Google Forms and Google Sheets are also exploited in the past by FIN7 cybercriminal gang for malware command-and-control communications. This gang has targeted banks and point-of-sale (POS) terminals EU and US firms using the Carbanak backdoor.

“Typically, a digital skimmer (aka Magecart) runs on dodgy servers in tax havens, and its location reveals its nefarious intent. But when a skimming campaign runs entirely on trusted Google servers, very few security systems will flag it as ‘suspicious’. And more importantly, popular countermeasures like Content-Security-Policy (CSP) will not work when a site administrator trusts Google”, Sansec explained the workings of the fraudsters.