{"id":1670,"date":"2021-04-21T18:32:35","date_gmt":"2021-04-21T13:02:35","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=1670"},"modified":"2021-06-07T11:24:29","modified_gmt":"2021-06-07T05:54:29","slug":"new-fraud-billing-applications-downloaded-by-75000-users-from-play-store","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/new-fraud-billing-applications-downloaded-by-75000-users-from-play-store\/","title":{"rendered":"New Fraud Billing Applications Downloaded by 75000 users from Play Store!"},"content":{"rendered":"\n<p><p style=\"text-align: justify\">Security researchers have spotted a new way to defraud users by creating malicious applications that hijack SMS notifications, leading to billing fraud. The applications have now targeted users located in Southwest Asia and the Arabian Peninsula, and more than 700,000 users have downloaded them.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">The experts also said that these applications pose as photo editors, wallpapers, keyboard skins, camera-related apps, and puzzles. Once a user downloads one of these applications, the malware embedded in the fake application steals the user's SMS notifications, and the hackers use them to make unauthorized purchases.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">This malware is known as Joker. It has repeatedly been reported sneaking past Google Play defenses over the past four years, which has resulted in Google removing 1700 infected applications from the Play Store. The malware behind the fraud is capable of stealing SMS messages, the contact list, and device information. 
The malware also typically uses a technique called versioning, which refers to uploading the application and adding the malicious code through various updates.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"728\" height=\"586\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/04\/new-malware-fraud-billion-image1.jpg\" alt=\"New Fraud Billing Applications Downloaded by 75000 users from Play Store!\" class=\"wp-image-1671\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/04\/new-malware-fraud-billion-image1.jpg 728w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/04\/new-malware-fraud-billion-image1-300x241.jpg 300w\" sizes=\"(max-width: 728px) 100vw, 728px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify\">The additional code injected in the first-stage payload takes the form of a seemingly innocuous .PNG file. It also establishes a connection to a command-and-control (C2) server to retrieve the secret key that is used to decrypt the file into the loader. 
After that, the payload decrypts another encrypted file to install the malware.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">According to the investigators, the C2 servers also revealed users&#8217; personal information, including the phone number, SMS message, IP address, network status, carrier details, and more.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>List of Applications that Spread Malware<\/strong><\/h2>\n\n\n\n<p>The experts also shared the list of nine applications that spread this malware, given below:<\/p>\n\n\n\n<ul><li>Keyboard Wallpaper (com.studio.keypaper2021)<\/li><li>2021 Wallpaper and Keyboard (org.my.favorites.up.keypaper)<\/li><li>Picture Editor (com.ce1ab3.app.photo.editor)<\/li><li>PIP Camera (com.hit.camera.pip)<\/li><li>Barber Prank Hair Dryer, Clipper and Scissors (com.super.color.hairdryer)<\/li><li>Keyboard Wallpaper (com.daynight.keyboard.wallpaper)<\/li><li>Pop Ringtones for Android (com.super.star.ringtones)<\/li><li>Cool Girl Wallpaper\/SubscribeSDK (cool.girly.wallpaper)<\/li><li>PIP Photo Maker (com.pip.editor.camera)<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Summing Up<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify\">Users who have downloaded these applications are requested to check for unwanted activities or transactions. Users should also check and verify that these applications do not take any suspicious permissions that may leak user data. 
Check the permissions requested by an application carefully, and scrutinize applications before they are downloaded or executed on the device.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">The experts are working to identify how the Joker operators repeatedly embed the malware in applications and list them on the Google Play Store even after being caught multiple times, and how these applications work.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security researchers have spotted a new way to defraud users by creating malicious applications that hijack SMS notifications, leading to billing fraud. The applications have now targeted users located in Southwest Asia and the Arabian Peninsula, and more than 700,000 users have downloaded them. The experts also [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1672,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>New Fraud Billing Applications Downloaded by 75000 users from Play Store! - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/new-fraud-billing-applications-downloaded-by-75000-users-from-play-store\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Fraud Billing Applications Downloaded by 75000 users from Play Store! 
- Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"Security researchers have spotted a new way to defraud users by creating malicious applications that hijack SMS notifications, leading to billing fraud. The applications have now targeted users located in Southwest Asia and the Arabian Peninsula, and more than 700,000 users have downloaded them. The experts also [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/new-fraud-billing-applications-downloaded-by-75000-users-from-play-store\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-04-21T13:02:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-06-07T05:54:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/04\/new-malware-fraud-billion-featured-image1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"524\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/new-fraud-billing-applications-downloaded-by-75000-users-from-play-store\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/new-fraud-billing-applications-downloaded-by-75000-users-from-play-store\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"New Fraud Billing Applications Downloaded by 75000 users from Play Store!\",\"datePublished\":\"2021-04-21T13:02:35+00:00\",\"dateModified\":\"2021-06-07T05:54:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/new-fraud-billing-applications-downloaded-by-75000-users-from-play-store\/\"},\"wordCount\":447,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/new-fraud-billing-applications-downloaded-by-75000-users-from-play-store\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/new-fraud-billing-applications-downloaded-by-75000-users-from-play-store\/\",\"url\":\"https:\/\/xiarch.com\/blog\/new-fraud-billing-applications-downloaded-by-75000-users-from-play-store\/\",\"name\":\"New Fraud Billing Applications Downloaded by 75000 users from Play Store! 
- Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-04-21T13:02:35+00:00\",\"dateModified\":\"2021-06-07T05:54:29+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/new-fraud-billing-applications-downloaded-by-75000-users-from-play-store\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/new-fraud-billing-applications-downloaded-by-75000-users-from-play-store\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/new-fraud-billing-applications-downloaded-by-75000-users-from-play-store\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New Fraud Billing Applications Downloaded by 75000 users from Play Store!\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New Fraud Billing Applications Downloaded by 75000 users from Play Store! - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/new-fraud-billing-applications-downloaded-by-75000-users-from-play-store\/","og_locale":"en_US","og_type":"article","og_title":"New Fraud Billing Applications Downloaded by 75000 users from Play Store! 
- Xiarch Solutions Private Limited","og_description":"Security researchers have spotted a new way to defraud users by creating malicious applications that hijack SMS notifications, leading to billing fraud. The applications have now targeted users located in Southwest Asia and the Arabian Peninsula, and more than 700,000 users have downloaded them. The experts also [&hellip;]","og_url":"https:\/\/xiarch.com\/blog\/new-fraud-billing-applications-downloaded-by-75000-users-from-play-store\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-04-21T13:02:35+00:00","article_modified_time":"2021-06-07T05:54:29+00:00","og_image":[{"width":1000,"height":524,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/04\/new-malware-fraud-billion-featured-image1.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/new-fraud-billing-applications-downloaded-by-75000-users-from-play-store\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/new-fraud-billing-applications-downloaded-by-75000-users-from-play-store\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"New Fraud Billing Applications Downloaded by 75000 users from Play Store!","datePublished":"2021-04-21T13:02:35+00:00","dateModified":"2021-06-07T05:54:29+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/new-fraud-billing-applications-downloaded-by-75000-users-from-play-store\/"},"wordCount":447,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Vulnerabilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/new-fraud-billing-applications-downloaded-by-75000-users-from-play-store\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/new-fraud-billing-applications-downloaded-by-75000-users-from-play-store\/","url":"https:\/\/xiarch.com\/blog\/new-fraud-billing-applications-downloaded-by-75000-users-from-play-store\/","name":"New Fraud Billing Applications Downloaded by 75000 users from Play Store! 
- Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-04-21T13:02:35+00:00","dateModified":"2021-06-07T05:54:29+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/new-fraud-billing-applications-downloaded-by-75000-users-from-play-store\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/new-fraud-billing-applications-downloaded-by-75000-users-from-play-store\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/new-fraud-billing-applications-downloaded-by-75000-users-from-play-store\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"New Fraud Billing Applications Downloaded by 75000 users from Play Store!"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch 
Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1670"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=1670"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1670\/revisions"}],"predecessor-version":[{"id":1673,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1670\/revisions\/1673"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/1672"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=1670"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=1670"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=1670"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}