A new threat for Android devices emerges, as researchers have found a Google Play clone that can send text messages, signature certificates, and bank passwords to Gmail accounts. FireEye researchers Jinjian Zhai and Jimmy Su analyzed the behavior of the app and determined that the attacker uses a dynamic DNS server with the Gmail SSL protocol in order to exfiltrate the collected data. Once started, the fake app, called googl app stoy, requests administrator privileges and, inst…
Comments are closed.
