Google Removes Trove of Risky 'Bread' Apps From Play Store

Google has removed roughly 1,700 unique applications from its Google Play app store that were part of a family of potentially unwanted programs. 


Dubbed "Bread" and also known as "Joker", this family of Potentially Harmful Applications (PHAs) was engaged in billing fraud and was initially observed in 2017, when the apps were focused solely on SMS fraud. 


Over time, the developers of the applications have focused on finding new cloaking and obfuscation techniques to evade Google Play Store’s new policies and Play Protect’s evolving defenses and remain undetected. 


The 1.7k unique Bread apps were detected and removed from the Play Store before even being downloaded by users, Google says. 


“Many of these samples appear to be designed specifically to attempt to slip into the Play Store undetected and are not seen elsewhere,” Alec Guertin and Vadim Kotov, Android Security & Privacy Team, noted in a Jan 9 blog post.


Since the initial discovery, the Bread apps have switched from SMS fraud to WAP billing, following new Play Store policies restricting use of the SEND_SMS permission. The newer app versions, which are focused on toll fraud, continue to leverage mobile billing techniques involving the user’s carrier.


Through SMS billing, carriers partner with vendors to allow users to pay for services by SMS, via texting a prescribed keyword to a prescribed number (shortcode). 


Through toll billing, the user can complete a payment via a web page provided by the carrier, where they need to enter their phone number, and then verify the request. Verification is performed either when the ..
