Just when you thought you could trust governments to behave themselves, Lebanon’s intelligence service has been caught holding the proverbial smoking gun. Since mid-2017, the agency’s Dark Caracal Android malware has masqueraded as the secure messaging apps Signal and WhatsApp.
The malware netted every piece of information that allows the group to identify a person and take an intimate look at their life. Dark Caracal is not a standout bit of malicious software, however; it is merely representative of a vast reservoir of Android malware that may already be on your mobile device.
700,000 fake Android apps identified
In 2017 alone, Google identified more than 700,000 apps that violated the Google Play policies. The volume of violations was 70 percent more than in 2016.
Further, Google fingered 100,000 bad developers in 2017 and cancelled the accounts of the hackers. And though the company made it more difficult to create new accounts, thousands still slip through. Copycat software like Dark Caracal led the list of most-wanted malicious apps.
It seems impossible to completely remove software that impersonates other apps. Hackers will always find new ways to fool Google's A.I. detection systems and convince users to download the fake apps onto their devices.
The most common vehicle for malware is impersonating well-known apps or upgrades to apps. Like Dark Caracal, such apps will present themselves as anything from Skype to WhatsApp to Messenger.
Well-known titles receive a great deal of search traffic for particular keywords. Hackers use Search Engine Optimization techniques to improve the chances of users finding their fake apps based on the keywords.
Black hats repackage apps and sneak the masquerading copies into the Play Store by using Unicode characters that users easily confuse. They also hide fake app icons in locations different from the original. In 2017, Google spotted more than a quarter of a million impersonating apps and deleted them from the library.
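One way to screen app titles for the confusable-Unicode trick described above, as an added example that is not from the original article or any vendor's product. The watch list, the short look-alike table and the function names are assumptions constructed for illustration.

```python
import unicodedata

# Constructed watch list; the article names these as commonly impersonated titles.
PROTECTED = ["WhatsApp", "Signal", "Skype", "Messenger"]

# Constructed subset of look-alikes (assumption: a real check would load the
# full Unicode confusables data from UTS #39 instead of this short table).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0455": "s", "\u03bf": "o", "\u03b1": "a", "\u0261": "g",
    "\u0131": "i",
}


def skeleton(title):
    """Reduce a title to a comparison key: fold case and compatibility forms,
    drop invisible/combining characters and spaces, map known look-alikes."""
    text = unicodedata.normalize("NFKD", title).casefold()
    out = []
    for ch in text:
        if ch.isspace() or unicodedata.category(ch) in ("Mn", "Cf"):
            continue
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)


PROTECTED_KEYS = {skeleton(name): name for name in PROTECTED}


def impersonated_title(title):
    """Return the protected title this one imitates, or None.
    The exact genuine spelling is not flagged here; telling the genuine
    publisher from a copy needs a signing-certificate check instead."""
    target = PROTECTED_KEYS.get(skeleton(title))
    if target is None or title == target:
        return None
    return target


def odd_characters(title):
    """List the non-ASCII characters in a title for a reviewer's report."""
    return [f"U+{ord(c):04X} {unicodedata.name(c, 'UNNAMED')}"
            for c in title if ord(c) > 127]


if __name__ == "__main__":
    # Constructed sample titles: Cyrillic 'a', zero-width space, harmless name.
    for t in ["Wh\u0430tsApp", "Sky\u200bpe", "Signal Strength Meter"]:
        print(repr(t), "->", impersonated_title(t), odd_characters(t))
```

Exact-match keys keep unrelated titles such as "Signal Strength Meter" from being flagged; titles that append words like "Update" to a protected name need a separate rule.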
- Promon offers app repackaging detection through Promon SHIELD™. Repackaging is also a step used when attempting to reverse engineer an application.
- Promon SHIELD™ offers the possibility to detect when an application has been repackaged.
- Furthermore, Promon SHIELD™ creates a strong binding between the app and Promon SHIELD™, so the security features provided by Promon SHIELD™ cannot be bypassed easily.