Bad actors find novel ways to breach systems and exploit vulnerabilities to spread malware. We’ve seen phishing emails, attacks on crypto exchange platforms, and infected flash drives disguised as gifts. In Google’s August 2023 edition of its Threat Horizons report, the search giant reveals that malware can even appear on the Play Store using a technique called versioning.
What is versioning?
Versioning is a technique for spreading malware on the Google Play Store while evading detection. Malicious actors first submit a benign app with legitimate features so that it passes the security checks of the app review process and becomes available for users to download.
At a later time, the malicious actors will push out a subsequent update via a third-party server to modify the code of installed instances of the app, changing its behavior to engage in malicious activities. Users who installed the app could become victims of data theft and financial fraud. The compromised devices could also be used for distributed denial of service attacks and to further spread the malware.
Naturally, versioning goes against the Google Play policies, which state that “an app distributed via Google Play may not modify, replace, or update itself using any method other than Google Play’s update mechanism.” Apps are also prohibited from fetching executable code from sources other than Google Play. Apps found in violation of these policies will be marked as backdoor malware.
In the report, Google cited a malware variant called SharkBot as an example. The malware was made to look and behave like an antivirus app (or, in some cases, a performance-tuning app) to appear legitimate and evade security checks. Once installed on a user's device, SharkBot would use dynamic code loading, a form of versioning, to download its full version, which is capable of stealing bank account credentials.
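A static triage check for the pattern described above (code fetched from outside the store and loaded at runtime), as an added example that is not taken from Google's report or from any Play Store tooling. The class and permission names are real Android identifiers; the rule set, the verdict wording, the sample file contents and the example.invalid URL are assumptions constructed for illustration.

```python
import re

# Indicators of dynamic code loading and self-update in a decompiled Android app.
# Class and permission names are real Android identifiers; the rule set itself is
# an assumption made for this example, not Google's review logic.
INDICATORS = {
    "dex_loader": re.compile(
        r"dalvik[./]system[./](?:DexClassLoader|InMemoryDexClassLoader|DexFile)"),
    "self_install": re.compile(r"android\.permission\.REQUEST_INSTALL_PACKAGES"),
    "remote_fetch": re.compile(r"https?://[^\s\"'<>]+\.(?:dex|jar|apk|zip)\b", re.I),
}

# Constructed sample: text files as they might look after decompiling an APK.
SAMPLE = {
    "AndroidManifest.xml":
        '<uses-permission android:name="android.permission.INTERNET"/>\n',
    "smali/com/example/cleaner/Updater.smali":
        'const-string v0, "https://cdn.example.invalid/modules/core.dex"\n'
        'new-instance v1, Ldalvik/system/DexClassLoader;\n',
    "smali/com/example/cleaner/Main.smali":
        'invoke-virtual {p0}, Lcom/example/cleaner/Main;->startScan()V\n',
}

def scan_app(files):
    """files: {path: text}. Returns {indicator: [(path, line_no), ...]}."""
    hits = {name: [] for name in INDICATORS}
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            for name, pattern in INDICATORS.items():
                if pattern.search(line):
                    hits[name].append((path, line_no))
    return hits

def verdict(hits):
    """Runtime loading alone is common in legitimate apps; the policy problem
    is code that is fetched from somewhere other than the store."""
    loads_or_installs = hits["dex_loader"] or hits["self_install"]
    if loads_or_installs and hits["remote_fetch"]:
        return "review: loads or installs code fetched outside the store"
    if loads_or_installs:
        return "note: dynamic loading present, no remote payload URL found"
    return "clean"

if __name__ == "__main__":
    result = scan_app(SAMPLE)
    for name, locations in result.items():
        print(name, locations)
    print(verdict(result))
```

String matching like this misses URLs that are obfuscated or assembled at runtime, so a "clean" result only means none of these literal indicators were present.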
How to avoid malware that spreads through versioning
To keep users from falling for SharkBot and similar malware, Google recommends that users install apps from reputable developers. The search giant also recommends that users get their apps only from trusted sources, such as the Google Play Store.
Despite versioning and other tactics that let malware slip onto the app store, the search giant says that it monitors apps nonstop, promptly removes apps that turn out to be harmful, and terminates developer accounts. The company also claims that less than 1 percent of all downloads from its app store are potentially harmful applications.
Challenges in cloud security
The Threat Horizons report also covered other emerging challenges in cloud security. Perhaps the most disturbing of all is that the use of weak passwords remains a major factor that compromises cloud security, followed by misconfiguration of systems, exposed APIs, and leaked credentials.
The report also mentioned rising cyberattacks and high-profile data breaches in the telecommunications industry and highlighted the importance of adopting modern cybersecurity approaches. The report discussed the issue of source code leaks and how these incidents could aid malicious actors in carrying out exploitation activities.