Google Play again used to host malware-laden apps; this time, Overseer

News by Doug Olenick

Google Play continues to be a playground for cybercriminals with Google recently having to remove four apps from the store because they were distributing a new form of malware dubbed Overseer.

Once installed, Overseer would steal a laundry list of personal information, including the user's name, cell number, email address and contacts, the victim's exact location, network ID, internal and external memory, phone type, permissions and more, wrote Michael Flossman and Kristy Edwards, researchers with Lookout Security, in a blog.

The apps in question included an embassy finder that targeted foreign travellers and what were most likely fake news apps developed specifically to spread Overseer.

One reason the malware caught the researchers' attention is that it uses Facebook's Parse Server hosted on Amazon Web Services for command-and-control purposes.

“This allows it to remain hidden because it doesn't cause Overseer's network traffic to stand out and could potentially present a challenge for traditional network-based IDS solutions to detect,” the researchers said.
