In 2024, Google blocks 158, 000 illegal Android software engineer accounts.

In 2024, Google announced it had blocked over 2.36 million illegal Android apps from being released on the Google Play application store, and it had also banned more than 158 000 terrible programmer accounts that attempted to release such illegal apps.

The tech giant also pointed out that working with third-party application developers, it prevented 1.3 million apps from gaining abnormal or unwanted access to user data during the time interval.

However, Google Play Protect, a stability feature that’s enabled by default on Android devices to flag book threats, identified 13 million new harmful apps from outside of the standard app store.

Over 91 % of software installs on the Google Play Store now use the most recent safety measures from Android 13 or newer, according to Ron Aquino from Google Play Trust and Safety and Bethel Otuteye and Khawaja Shams from the Android Security and Privacy Team.

In contrast, the business blocked and difficult programs from being published to the Play Store in 2022 and 2023, both.

Google reported that developers ‘ use of the , which enables them to determine whether their apps have been maliciously modified or running in potentially compromised environments, has resulted in an average 20 % lower usage of apps from unverified and untrusted sources.

In addition, the agency’s efforts to immediately stop learned of potentially unsafe programs in markets like Brazil, Hong Kong, India, Kenya, Nigeria, Philippines, Singapore, South Africa, Thailand, and Vietnam has secured 10 million devices from no less than 36 million difficult setup attempts, spanning over 200, 000 unique apps.

Complementing these initiatives, Google this week announced it’s introducing a new” Verified” badge for consumer-facing VPN apps that have successfully completed a Mobile Application Security Assessment ( MASA ) audit. This plan was first made public by Google in November 2023.

This new badge aims to highlight apps that prioritize user privacy and safety, aid users in making wiser choices about VPN apps they choose, and promote apps that users ultimately download, according to the statement.

The findings suggest that keeping an eye on the Android and Google Play ecosystem as new malware strains are gaining access to mobile devices is a constant effort.

Tria Stealer, which has been most recently discovered and primarily aimed at Android users in Malaysia and Brunei, is an example of this. The campaign is thought to have been going on since at least March 2024.

Distributed via personal and group chats in Telegram and WhatsApp in the form of APK files, the malicious apps request sensitive permissions that enable the harvesting of a wide range of data from apps like Gmail, Google Messages, Microsoft Outlook, Samsung Messages, WhatsApp, WhatsApp Business, and Yahoo! Mail.

Due to the presence of artifacts written in Indonesian and the naming convention of the Telegram bots used to host command-and-control ( C2 ) servers, there is some evidence to support the claim that the malware was the product of an Indonesian-speaking threat actor.

” Tria Stealer collects victims ‘ SMS data, tracks call logs, messages ( for example, from WhatsApp and WhatsApp Business ), and email data ( for example, Gmail and Outlook mailboxes )”, Kaspersky . By communicating with various Telegram bots using the Telegram API, Tria Stealer exfiltrates the data.

In an effort to request money transfers from their contacts to bank accounts under their control, the stolen information is then used to hijack personal messaging accounts like WhatsApp and Telegram, and to further perpetuate the scam by distributing the malware-laced APK file to all of their family and friends.

The operators could also use the malware to steal one-time passwords ( OTPs ), which could give them access to a variety of online services, including banking accounts, because Tria Stealer is also able to extract SMS messages.

According to Kaspersky, the advertisement shares some similarities with another activity cluster that distributed a piece of malware known as UdangaSteal in 2023 and early 2024 that targeted Indian and Indonesian victims using package delivery, customer support, and wedding invitations. There is no proof at this time, however, to connect the two malware families to the same threat actor.

Found this article interesting? Follow us on and Twitter to access more exclusive content.

DNS checker

Leave a Comment