Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
ID: 9575995f-5a43-5287-83f0-4e8ca0f4aded
STIX ID: report--9575995f-5a43-5287-83f0-4e8ca0f4aded
Feed Name: Bitdefender Labs
Bitdefender details an active, large-scale Android ad-fraud campaign (at least 331 Play Store apps, >60 million downloads) that evolved by retrofitting previously benign apps with malicious code. The attackers abuse content providers and native libraries (including DisplayManager/virtual displays) to start fullscreen phishing activities without standard permissions, hide app icons, persist via foreground services and native code, exfiltrate device/credential data to polymorphed C2 endpoints, and employ obfuscation and anti-analysis measures. The report includes technical analysis, observed TTPs, persistence/C2 behavior, and links to IOC lists.
