{"id":19656,"date":"2022-08-20T20:08:22","date_gmt":"2022-08-20T23:08:22","guid":{"rendered":"https:\/\/www.ethicalhacker.com.br\/site\/?p=19656"},"modified":"2022-08-20T20:08:24","modified_gmt":"2022-08-20T23:08:24","slug":"aplicativos-android-na-google-play-store-com-malware-bancario","status":"publish","type":"post","link":"https:\/\/www.ethicalhacker.com.br\/site\/2022\/08\/basico\/aplicativos-android-na-google-play-store-com-malware-bancario\/","title":{"rendered":"Android apps on the Google Play Store with banking malware"},"content":{"rendered":"\n<h1 class=\"story-title\"><span>More than a dozen Android apps on the Google Play Store caught with banking malware<\/span><\/h1>\n<p style=\"text-align: justify;\"><span>A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with banking malware.<\/span><\/p>\n<p style=\"text-align: justify;\"><span>These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code readers, VPN services and call recorders, among others. All of the apps in question have been removed from the app marketplace.<\/span><\/p>\n
<div id=\"articlebody\" class=\"articlebody clear cf\">\n<div class=\"separator\"><a href=\"https:\/\/thehackernews.com\/new-images\/img\/b\/R29vZ2xl\/AVvXsEjwqYhP8MbtrbC2yFvT6RA-fM5D0X8dOiCmGcvm4e14Zd6G5QnjflYUTMYBDS9P4b0l9lxXMSwSPaf_WyEaLozZOjAd78eiqNjMy1NDdUXWMVaVzgnqByIl584xnTsGYzGGA0zXyFxkL1zNzQHqU5HDubsgU7B0Jn6KCDi1gzrBwvaSaQojCzACayUo\/s728-e100\/hacking.jpg\" class=\"gallery_colorbox\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" title=\"Android Banking Malware\" src=\"https:\/\/thehackernews.com\/new-images\/img\/b\/R29vZ2xl\/AVvXsEjwqYhP8MbtrbC2yFvT6RA-fM5D0X8dOiCmGcvm4e14Zd6G5QnjflYUTMYBDS9P4b0l9lxXMSwSPaf_WyEaLozZOjAd78eiqNjMy1NDdUXWMVaVzgnqByIl584xnTsGYzGGA0zXyFxkL1zNzQHqU5HDubsgU7B0Jn6KCDi1gzrBwvaSaQojCzACayUo\/s728-e1000\/hacking.jpg\" alt=\"Android Banking Malware\" width=\"608\" height=\"317\" border=\"0\" data-original-height=\"380\" data-original-width=\"728\" \/><\/a><\/div>\n<\/div>\n<p style=\"text-align: justify;\"><span>\u201cDawDropper uses Firebase Realtime Database, a third-party cloud service, to evade detection and dynamically obtain a payload download address,\u201d the researchers said. \u201cIt also hosts malicious payloads on GitHub.\u201d<\/span><\/p>\n
<div class=\"separator\"><a href=\"https:\/\/thehackernews-com.translate.goog\/new-images\/img\/b\/R29vZ2xl\/AVvXsEg2Ucg1G5iFUzK9DIj41MVZrUb50e6HXr_PhsK9HoJ5JrfhxW1ubyMDZpGDK9HQZjhm6m_I5tcoWWpEfNsIrsDzbTOHstLtncwtVV7USSUHFW4MgaMzS8TU-fozGYl4dGwfCH0saNw93dC6Ca0mc3EV0OX8TEaw98o_sb8cYUT8lDW_09lSsne4MqQC\/s728-e100\/apps.jpg?_x_tr_sl=auto&amp;_x_tr_tl=pt&amp;_x_tr_hl=pt\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" title=\"Android banking malware\" src=\"https:\/\/thehackernews.com\/new-images\/img\/b\/R29vZ2xl\/AVvXsEg2Ucg1G5iFUzK9DIj41MVZrUb50e6HXr_PhsK9HoJ5JrfhxW1ubyMDZpGDK9HQZjhm6m_I5tcoWWpEfNsIrsDzbTOHstLtncwtVV7USSUHFW4MgaMzS8TU-fozGYl4dGwfCH0saNw93dC6Ca0mc3EV0OX8TEaw98o_sb8cYUT8lDW_09lSsne4MqQC\/s728-e1000\/apps.jpg\" alt=\"Android banking malware\" width=\"591\" height=\"259\" border=\"0\" data-original-height=\"319\" data-original-width=\"728\" \/><\/a><\/div>\n<p style=\"text-align: justify;\"><span>Droppers are apps designed to get past the security checks of Google's Play Store, after which they are used to download more potent and intrusive malware onto a device, in this case Octo (Coper), Hydra, Ermac and TeaBot.<\/span><\/p>\n<p style=\"text-align: justify;\"><span>The attack chains involved the DawDropper malware establishing connections to a Firebase Realtime Database to receive the GitHub URL needed to download the malicious APK file.<\/span><\/p>\n
<div class=\"separator\"><a href=\"https:\/\/thehackernews-com.translate.goog\/new-images\/img\/b\/R29vZ2xl\/AVvXsEhsVJhEZcYFTlLHkLpbzWZs1pi-wKGt9_gFa3-EME6AVNZfPUuLEgrwN91HIEEzVks0pzc3falwa1dP4FFEUt-6l19ASzw70qJf_VDMAAOP_KvQwBHfAe8JO0KrSAs280cU1owtxsQ9nvS1zMPT9ycg9N5xg_kWf-Tdvzr2-m30hjetYpDITf2XsW7M\/s728-e100\/malware.jpg?_x_tr_sl=auto&amp;_x_tr_tl=pt&amp;_x_tr_hl=pt\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" title=\"Android banking malware\" src=\"https:\/\/thehackernews.com\/new-images\/img\/b\/R29vZ2xl\/AVvXsEhsVJhEZcYFTlLHkLpbzWZs1pi-wKGt9_gFa3-EME6AVNZfPUuLEgrwN91HIEEzVks0pzc3falwa1dP4FFEUt-6l19ASzw70qJf_VDMAAOP_KvQwBHfAe8JO0KrSAs280cU1owtxsQ9nvS1zMPT9ycg9N5xg_kWf-Tdvzr2-m30hjetYpDITf2XsW7M\/s728-e1000\/malware.jpg\" alt=\"Android banking malware\" width=\"617\" height=\"581\" border=\"0\" data-original-height=\"686\" data-original-width=\"728\" \/><\/a><\/div>\n<div>\n<p><span>The list of malicious apps previously available on the app store is below:<br \/><\/span><\/p>\n<ul>\n<li><span>Call Recorder APK (com.caduta.aisevsk)<\/span><\/li>\n<li><span>Rooster VPN (com.vpntool.androidweb)<\/span><\/li>\n<li><span>Super Cleaner- hyper &amp; smart (com.j2ca.callrecorder)<\/span><\/li>\n<li><span>Document Scanner &#8211; PDF Creator (com.codeword.docscann)<\/span><\/li>\n<li><span>Universal Saver Pro (com.virtualapps.universalsaver)<\/span><\/li>\n<li><span>Eagle photo editor (com.techmediapro.photoediting)<\/span><\/li>\n<li><span>Call recorder pro+ (com.chestudio.callrecorder)<\/span><\/li>\n<li><span>Extra Cleaner (com.casualplay.leadbro)<\/span><\/li>\n<li><span>Crypto Utils (com.utilsmycrypto.mainer)<\/span><\/li>\n<li><span>FixCleaner (com.cleaner.fixgate)<\/span><\/li>\n<li><span>Just In: Video Motion (com.olivia.openpuremind)<\/span><\/li>\n<li><span>com.myunique.sequencestore<\/span><\/li>\n<li><span>com.flowmysequto.yamer<\/span><\/li>\n<li><span>com.qaz.universalsaver<\/span><\/li>\n<li><span>Lucky Cleaner (com.luckyg.cleaner)<\/span><\/li>\n<li><span>Simpli Cleaner (com.scando.qukscanner)<\/span><\/li>\n<li><span>Unicc QR Scanner (com.qrdscannerratedx)<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span>Included among the droppers is an app called \u201cUnicc QR Scanner\u201d, which was previously flagged by Zscaler this month as distributing the Coper banking trojan, a variant of the Exobot mobile malware.<\/span><\/p>\n<\/div>\n
<p style=\"text-align: justify;\"><span>Octo is also known to disable Google Play Protect and to use virtual network computing (VNC) to record the screen of a victim's device, including sensitive information such as banking credentials, email addresses and passwords, and PINs, all of which are subsequently exfiltrated to a remote server.<\/span><\/p>\n<p style=\"text-align: justify;\"><span>Banking droppers, for their part, have evolved since the start of the year, moving away from hard-coded payload download addresses to using an intermediary to hide the address that hosts the malware.<\/span><\/p>\n<p style=\"text-align: justify;\"><span>\u201cCybercriminals are constantly finding ways to evade detection and infect as many devices as possible,\u201d the researchers said.<\/span><\/p>\n<p style=\"text-align: justify;\"><span>\u201cAdditionally, because there is a high demand for new ways to distribute mobile malware, several malicious actors claim that their droppers can help other cybercriminals disseminate their malware on the Google Play Store, resulting in a dropper-as-a-service (DaaS) model.\u201d<\/span><\/p>\n<p>This article is a translation of: <a href=\"https:\/\/thehackernews.com\/2022\/07\/over-dozen-android-apps-on-google-play.html\" target=\"_blank\" rel=\"noopener\">https:\/\/thehackernews.com\/2022\/07\/over-dozen-android-apps-on-google-play.html<\/a> (Author: <span class=\"author\">Ravie Lakshmanan<\/span>)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>More than a dozen Android apps on the Google Play Store caught with banking malware. A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with banking malware. These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as apps [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":19662,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[89,100,105],"tags":[],"class_list":["post-19656","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-basico","category-diversos","category-noticias"],"_links":{"self":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/19656","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/comments?post=19656"}],"version-history":[{"count":5,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/19656\/revisions"}],"predecessor-version":[{"id":19663,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/19656\/revisions\/19663"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media\/19662"}],"wp:attachment":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media?parent=19656"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/categories?post=19656"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/tags?post=19656"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}