Content

Google Play again used to host malware-laden apps; this time, Overseer

Share

Google Play continues to be a playground for cybercriminals with Google recently having to remove four apps from the store because they were distributing a new form of malware dubbed Overseer.

Once installed Overseer would steal a laundry list of personal information including, user's name, cell number, email address and contacts, the victim's exact location, network ID, internal and external memory, phone type, permissions and more, wrote Michael Flossman and Kristy Edwards, researchers with Lookout Security, in a blog.

The apps in question included an embassy finder that targeted foreign travelers and what were most likely fake news apps developed specifically to spread Overseer.

One reason the malware caught the researchers attention is because it uses Facebook's Parse Server hosted on Amazon Web Services for command and control purposes.

“This allows it to remain hidden because it doesn't cause Overseer's network traffic to stand out and could potentially present a challenge for traditional network-based IDS solutions to detect,” the researchers said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.