Threat actors are leveraging a technique called versioning to evade Google Play Store’s malware detections and target Android users.
“Campaigns using versioning commonly target users’ credentials, data, and finances,” Google Cybersecurity Action Team (GCAT) said in its August 2023 Threat Horizons Report shared with The Hacker News.
While versioning is not a new phenomenon, it’s sneaky and hard to detect. In this method, a developer releases an initial version of an app on the Play Store that passes Google’s pre-publication checks, but is later updated with a malware component.
This is achieved by pushing an update from an attacker-controlled server that serves malicious code to the end-user device using a method called dynamic code loading (DCL), effectively turning the app into a backdoor.
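From a reviewer's side, versioning shows up as an update that starts using DCL APIs the earlier release never touched. The sketch below is an added example, not code from the GCAT report or from Google Play's checks; it assumes both releases have already been disassembled to smali, and the app paths, sample smali and function names are constructed for illustration.

```python
# Dalvik descriptors of the Android platform's dynamic code loading classes.
DCL_CLASSES = (
    "Ldalvik/system/DexClassLoader;",
    "Ldalvik/system/PathClassLoader;",
    "Ldalvik/system/InMemoryDexClassLoader;",
    "Ldalvik/system/DexFile;",
)
# Network classes that could fetch code before it is loaded.
NET_CLASSES = ("Ljava/net/URL;", "Ljava/net/HttpURLConnection;")

def api_uses(smali_text):
    """Return the watched classes referenced by instructions in one smali file."""
    found = set()
    for line in smali_text.splitlines():
        line = line.strip()
        if line.startswith(("invoke-", "new-instance")):
            found.update(c for c in DCL_CLASSES + NET_CLASSES if c in line)
    return found

def review_update(old_files, new_files):
    """Compare two releases ({path: smali}); report DCL the update introduces."""
    old_uses = set().union(*(api_uses(t) for t in old_files.values()))
    findings = []
    for path, text in sorted(new_files.items()):
        uses = api_uses(text)
        introduced = sorted(c for c in uses
                            if c in DCL_CLASSES and c not in old_uses)
        if introduced:
            findings.append({
                "file": path,
                "introduced": introduced,
                # Download and load in one class raises review priority.
                "network_in_same_file": any(n in uses for n in NET_CLASSES),
            })
    return findings

# Constructed sample: two releases of the same hypothetical app.
V1 = {"com/example/Main.smali":
      "invoke-virtual {p0}, Lcom/example/Main;->render()V\n"}
V2 = {**V1, "com/example/Updater.smali": (
    "new-instance v0, Ljava/net/URL;\n"
    "invoke-virtual {v0}, Ljava/net/URL;->openConnection()Ljava/net/URLConnection;\n"
    "new-instance v1, Ldalvik/system/DexClassLoader;\n"
    "invoke-direct {v1, v2, v3, v4, v5}, Ldalvik/system/DexClassLoader;-><init>"
    "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/ClassLoader;)V\n")}

if __name__ == "__main__":
    for finding in review_update(V1, V2):
        print(finding)
```

DCL also has legitimate uses, so a finding here is a trigger for manual review of the update rather than a verdict.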