It’s the third threat actor, after SunCrypt and RagnarLocker, that adopt the “Triple Extortion” strategy to increase pressure on malware victims.
12,706 in the top 150,000 Android apps hide backdoors as secret access keys, master passwords, and secret commands
In the top 150,000 Android apps, 12,706 hide backdoors and suspicious behavior. It has been discovered by cyber security experts from Ohio State University, New York University and CISPA Helmholtz Center for Information Security. Researchers analyzed 100,000 applications based on the number of downloads from Google Play store, 20,000 from an alternative market, and 30,000 pre-installed on Android smartphones. “We identified 12,706 apps containing a variety of backdoors such as secret access keys, master passwords, and secret commands that can allow users to access admin-only functions or attackers to gain unauthorized access to users’ accounts,” said the researchers according to Hot For Security. For their research, the team developed InputScope, a custom tool allowing them to uncover hidden traits of mobile applications by analyzing input validation behavior. The tool revealed three types of “input-triggered hidden behaviors using secret access keys, master passwords and secret commands.”
The cyber security experts identified also 4,028 apps featuring input blacklisting for keywords in different categories
According to the cyber security experts, secret keys can be used to access the administrator interface of an app, and allow users to change its configuration. To show the vulnerability of passwords, the researchers analyzed popular screen-locking apps. They noted that an attacker “can simply trigger a hidden button after multiple trials with a wrong password.” The hidden interface that appears requests the input of a special code. “Then, attackers can click the hidden button to get a new interface where a special code is requested. By providing it, the password for unlocking the screen can be reset.” The team also identified 4,028 apps featuring input blacklisting for keywords in categories such as pornography, escort services, racial discrimination, bullying, etc. “Also, our analysis discovered 4,028 apps validating user input against blacklisted words of different categories such as insults, racial discrimination, political leader names, and mass incidents,” the researchers said.