Google removed a wide selection of Android apps from the Play Store after it was discovered that they included spyware that stole confidential information. As reported by The Wall Street Journal, the data collection is said to be carried out by a firm that presumably performs cyber intelligence tasks for the United States.

The presence of the spyware was detected by the company AppCensus, which posted a very detailed report on its blog. The report explains how several applications, harmless at first glance and with millions of downloads, include an SDK (coelib.c.coulus library) that collects a very wide range of data from the devices on which they are installed and transmits it to the servers of a company registered in Panama under the name Measurement Systems.

After a long search, the investigators determined that the domain of that company's website was registered under the name VOSTROM Holdings, a firm based in Virginia, USA that also has several other accomplishments. According to the WSJ, the company is said to be a defense contractor that performs cyber intelligence, data interception, and network defense tasks for US security agencies. It is even mentioned that interaction with the authorities is carried out not directly, but through a subsidiary called Packet Forensics.

Google removes apps used for bulk data collection

One point that caught the researchers’ attention is that the code responsible for collecting information behind users’ backs did not work the same way in all the apps that included it, even if they were using the same SDK version.

For example, it was found that an application that lets you use your smartphone as a computer mouse collects and transmits the MAC address of the router to which the device is connected. This utility has had over 10 million downloads worldwide.

Another app reported to Google as containing spyware was a weather information widget with over 1 million downloads. AppCensus found it could “catch” whatever had been copied to the clipboard and send it to the Measurement Systems servers. Thus, if users copy a password or any other sensitive data, it ends up in the hands of others.

They also came across more extreme cases, such as a barcode and QR code scanner with over 5 million downloads from the Google store. This app can collect phone numbers, email addresses, precise device location via GPS, the mobile phone's IMEI, the public name (SSID) of Wi-Fi networks, and the MAC addresses of the routers it has been connected to.

Apps that AppCensus has reported to Google as containing spyware

Naturally, we have mentioned only some of the cases discovered by the experts. In fact, AppCensus has published a list of other applications where the Measurement Systems SDK has been found, and their range is very diverse: from speed camera alert apps to messaging platforms, audio tools and prayer guides.

While this information has been made public in the past few hours, the findings are not new. The researchers reported the presence of this spyware to Google in October 2021; Mountain View employees have since removed these and other applications, which they also found to contain malicious code.

However, the removal may not be global. At the time of this writing, we have followed some of the Play Store links included in the original report and the apps are still available to install (at least from Argentina).

How did spyware get into apps?

Image: Measurement Systems (website)

According to AppCensus, Measurement Systems got its malicious SDK into a large number of applications through a monetization program. Through its website, it offered to pay developers a higher “cost per thousand impressions” for their data and mentioned that it would do so ad-free because it was an “alternative monetization strategy”.

“By entering into exclusive contracts with telecommunications companies, marketers and research institutes, we provide our application developers with the highest payouts,” you can still read on its website. And as one developer told The Wall Street Journal, the main aim of the Panamanian company was to obtain information from users in countries in the Middle East, Asia, and Central and Eastern Europe.

In addition, the cybersecurity experts got access to a tutorial that explained to developers how to include the spyware in their applications. The code is thus estimated to have reached at least 60 million devices. And while Google has removed the apps from the Play Store (even if only regionally), they are certainly still installed on millions of mobile phones; this will remain a problem until it is confirmed that future versions of them no longer include the spyware.

Measurement Systems dismisses the allegations

Photo by Mika Baumeister on Unsplash

Measurement Systems denies any involvement in the espionage activities reported by the AppCensus cybersecurity experts. In fact, the company sent a statement to The Wall Street Journal in which it even denied any relationship with VOSTROM Holdings and Packet Forensics.

“The allegations they make about the company’s activities are false. In addition, we are not aware of any connection between our firm and US Department of Defense contractors, nor of a company called Vostrom, nor of Packet Forensics or how it relates to our company,” they said.

In any case, the disclosure had an impact. The experts found that the apps stopped collecting and transmitting information after they notified Google of their discovery. And, as if to add to the suspicion, the DNS records for the address used to relay the collected data to the Measurement Systems server have been updated to point to the non-routable value 127.0.0.1, while the public WHOIS data for the Panamanian company’s website has also been changed and no longer mentions VOSTROM Holdings.

Source: Hiper Textual
