Serious Flaw Denounced In Google Play Store Security

Anyone who owns an Android system knows that the main axis of distribution of applications, games, books, magazines and movies is done through the Google Play Store. Like other programs and sites that demonstrate security flaws on a daily basis, Google's flagship store has been no exception. The Russian firm dedicated to computer security Kaspersky has revealed that since 2016 Android users, particularly located in Southeast Asia, have been victims of leaks of their information. The operation has been named as PhantomLance, it was carried out through malwares and the Vietnamese group of hackers OceanLotus is suspected.

The mechanism

The sophisticated campaign called PhantomLance was carried out through malicious apps that allowed access to all kinds of user information that included obtaining geolocation data, call logs, contacts and browsing history. It has been detailed that there may even have been access to SMS messages, list of applications available on the mobile phone, the model and version of the device.
To fulfill the task, the hackers managed to bypass the controls with fake profiles and licenses that maintained the security and legality of their application, which would later become harmful through an update.
Once the malicious applications were downloaded, permissions were granted to obtain information, even in some cases it was carried out without user interaction.
The types of agents that the malware imitated were device cleaners, Flash plugins, or update programs. The applications may have been downloaded from the Play Store or from alternative sites such as APKpure and APKCombo. Although Kaspersky reported that the affected programs have been removed, they do not rule out that the campaign is still active.

A targeted attack

When analyzing the area most affected by the PhantomLance operation, it was discovered that it was not designed with the intention of worldwide dissemination, but rather focused on Southeast Asian countries. The main areas attacked were India, Vietnam, Indonesia, Iran and Malaysia. The number of attacked devices is around 300.
To verify this theory, the specialists reported that one of the behaviors that is usually observed related to this type of attack is, once the malicious app is available in the Play Store, inject large amounts of money to promote it and spread it. This has not been the case in this operation, which shows that the objective was not to spread globally.
This animosity towards that region plus the way of operating that the experts of the attack analyzed has led us to think that the culprits were from the group called OceanLotus also known as APT32. OceanLotus originates from Vietnam and is believed to have been working since 2013. Between January and April of this year, this hacker group has been suspected of being behind the attack on the Wuhan government and other Chinese public entities to obtain information from COVID. -19. In addition, there are reports accusing OceaLotus of collaborating with the government of Vietnam.
One of the Kaspersky researchers argued that the PhantomLance operation is an excellent sample of how deep and complex computer attacks are becoming. In addition, he stated that this process has been carried out for five years in which attackers have managed to bypass security systems over and over again by using highly advanced technology and that it is clear that the main victims today are mobile phone users. .

Using the Android Google Play Store is commonplace for all users of mobile devices and tablets today, that is why it is so important to be aware of any security flaw. When reviewing what happened after the PhantomLance operation, it is important to highlight how relevant it is as a user to know what it is that you download and install on your system. For this there are good practices such as reading reviews or looking for information related to the product that we are about to install. Sometimes simply by putting in a search engine the name of the application that interests us we can save a headache.
As Kaspersky maintains, attacks have become increasingly sophisticated and mobile technology is the hackers' predilection. It is time to think about becoming more sophisticated and trained ourselves as users. We must consider the important personal information we are constantly posting on internet.