Comments on DSHR's Blog: Liability In The Software Supply Chain

Updated 2024-03-28T13:39:27.601-07:00

David, 2020-11-11T17:49:26.519-08:00:

Catalin Cimpanu reports that <a href="https://www.zdnet.com/article/play-store-identified-as-main-distribution-vector-for-most-android-malware/" rel="nofollow"><i>Play Store identified as main distribution vector for most Android malware</i></a>:

"The official Google Play Store has been identified as the primary source of malware installs on Android devices in a recent academic study — considered the largest one of its kind carried out to date.

Using telemetry data provided by NortonLifeLock (formerly Symantec), researchers analyzed the origin of app installations on more than 12 million Android devices for a four-month period between June and September 2019.

In total, researchers looked at more than 34 million APK (Android application) installs for 7.9 million unique apps.

Researchers said that depending on different classifications of Android malware, between 10% and 24% of the apps they analyzed could be described as malicious or unwanted applications."

The paper is <a href="https://arxiv.org/pdf/2010.10088.pdf" rel="nofollow"><i>How Did That Get In My Phone? Unwanted App Distribution on Android Devices</i></a> by Platon Kotzias, Juan Caballero & Leyla Bilge.

David, 2020-09-29T14:50:04.114-07:00:

Dan Goodin's <a href="https://arstechnica.com/information-technology/2020/09/joker-the-malware-that-signs-you-up-for-pricey-services-floods-android-markets/" rel="nofollow"><i>“Joker”—the malware that signs you up for pricey services—floods Android markets</i></a> explains why app stores such as Google Play can't be depended upon to eliminate malware:

"researchers from security firm Zscaler said they found a new batch comprising 17 Joker-tainted apps with 120,000 downloads. The apps were uploaded to Play gradually over the course of September.
...
The apps are knockoffs of legitimate apps and, when downloaded from Play or a different market, contain no malicious code other than a “dropper.” After a delay of hours or even days, the dropper, which is heavily obfuscated and contains just a few lines of code, downloads a malicious component and drops it into the app."