![]() The latest version known to us was published on 4 October. Only the package name differed for all the versions – the functionality remained unchanged. Then the versions were modified every 6-10 days. The first version of the malicious VK Music app known to us was published on Google Play on 16 August 2015. Such apps are very popular among Android users. ![]() Mass infectionĪs mentioned above, VK Music could be downloaded from the official Google Play store. In addition to promoting groups, the attackers can change passwords and use stolen accounts at their own discretion: we know of cases when victims of the Trojan lost access to their accounts on VKontakte after a period of time. The Trojan then contacts its server for a list of groups to be promoted by the attackers and immediately adds the stolen accounts to these groups. It should be noted that this method of transferring the logins and passwords could also result in them being used by other criminals, because the secure HTTPS protocol is not used. At the same time, a Trojan sends the verified login and password to a cybercriminal server in ordinary text. If authentication is successful, the user can listen to music uploaded to the social network. Immediately after running, VK Music asks users to enter their login and password for their VKontakte account so that the app can function on the site.Īfter users enter their login details the app sends them to the legitimate authentication server oauth.vk.com. By our estimates, the attackers could have used the app to steal hundreds of thousands accounts from users of the social network. VK Music was available for download at the official Google Play app store. But further study showed that it also contained malicious code designed to steal VKontakte user accounts and promote certain groups on the social network. And our path to revealing large-scale theft of VKontakte users’ personal data began with an email from a user asking us to take a look at a suspicious app.Īt first glance, the VK Music app only displayed legitimate functionality – it played audio files uploaded to the social network. According to the old Chinese saying, the journey of a thousand miles begins with one step.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |