Android’s Confusing Month: Security Advances and Malware Setbacks

TL;DR: Despite Google’s Android security updates in May, including live threat detection, malware like Anatsa continues to plague the Play Store. With millions of installs of malicious apps, Android struggles to match the iPhone’s security perception. The upcoming Android 15 release will be crucial in shifting the threat landscape.

May was a puzzling time for Android users. It began positively, with exciting updates, but ended with Apple’s iPhone pulling further ahead.

Google’s Security Push

Google announced a flood of security updates at its I/O event, including:

  1. A first-of-its-kind mainstream warning for cellular intercept and IMSI grabbing
  2. More advanced theft protection
  3. A “private space” to safeguard sensitive data from thieves or prying eyes
  4. “Live threat detection” using AI to analyze suspicious app behaviour

Google aims to counter the perception that the iPhone is more secure and private. It’s the iPhone’s halo effect that frustrates Google, especially in the US premium market.

Android’s Fences and Shields

For years, Google has been erecting higher fences around the Play Store. It has subtly steered users away from third-party stores towards Play Store and its Protect shield.

Magic bullet? Maybe not.

Malware Strikes Back

But by the end of May, Android’s darker side resurfaced.

Zscaler warned, “Over the past few months, we identified and analyzed more than 90 malicious applications uploaded to the Google Play store. These malware-infected applications have collectively garnered over 5.5 million installs.”

While various malware families pose threats, Anatsa was the highlight.

“This sophisticated malware employs dropper applications that appear benign to users, deceiving them into unwittingly installing the malicious payload. Once installed, Anatsa exfiltrates sensitive banking credentials and financial information from global financial applications. It achieves this through the use of overlay and accessibility techniques, allowing it to intercept and collect data discreetly.”

I’ve warned about Anatsa before. It’s not new. But the optics for Google and Play Store were poorly timed given May’s Android security focus.

Anatsa’s Evolving Threat

Anatsa’s threat remains consistent, but Zscaler notes its US focus and spread to Asia. Anatsa infects phones via seemingly clean apps that act as droppers: once installed, they connect to external servers and pull down the malicious payload.

“This strategic approach enables the malware to be uploaded to the official Google Play Store and evade detection.”

The seemingly clean apps are typically mundane utilities – PDF readers and QR code scanners, for example.

Once installed, Anatsa scans for banking apps and seeks to intercept login credentials and SMS passcodes. It even overlays ghost login pages to trick users.
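The two stages described above (a dropper that fetches and installs a payload, then a banker that overlays login pages and reads SMS codes) each need specific Android capabilities, which is something an app-vetting pipeline can check for before a user ever taps install. The following is an added triage example, not code from the original post or from Zscaler: it parses an AndroidManifest.xml and flags the capability combination that chain requires. Both manifests in the block are constructed samples, and the function names (assess_manifest, declares_accessibility_service) are this example's own.

```python
"""Manifest triage for the dropper / overlay / accessibility pattern.

Added example: inspects an AndroidManifest.xml for the capability combination a
banking-trojan dropper chain needs, so a reviewer can prioritise it for closer
analysis. Heuristic only: legitimate accessibility tools and password managers
also declare some of these, so the output is a review flag, not a verdict.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"

# Permission -> why it matters for the stages described in the post
FLAGS = {
    "android.permission.INTERNET": "dropper: can reach an external payload server",
    "android.permission.REQUEST_INSTALL_PACKAGES": "dropper: can install a downloaded APK",
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay: can draw a fake login page over another app",
    "android.permission.RECEIVE_SMS": "sms: can read one-time passcodes",
    "android.permission.READ_SMS": "sms: can read one-time passcodes",
}

# Constructed sample: a plain QR reader that only needs the camera and network
BENIGN_QR_MANIFEST = f"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="{ANDROID_NS}" package="example.qr.reader">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="QR Reader"/>
</manifest>"""

# Constructed sample: a "PDF reader" carrying every capability the chain needs
SUSPICIOUS_MANIFEST = f"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="{ANDROID_NS}" package="example.pdf.viewer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="PDF Viewer">
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="{ACCESSIBILITY_ACTION}"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""


def declared_permissions(root):
    """Set of permission names declared via <uses-permission>."""
    return {el.get(NAME) for el in root.iter("uses-permission") if el.get(NAME)}


def declares_accessibility_service(root):
    """True if the app registers a service the system will bind as an accessibility service."""
    for svc in root.iter("service"):
        if svc.get(PERMISSION) != "android.permission.BIND_ACCESSIBILITY_SERVICE":
            continue
        if any(a.get(NAME) == ACCESSIBILITY_ACTION for a in svc.iter("action")):
            return True
    return False


def assess_manifest(xml_text):
    """Return {'verdict': str, 'findings': [str]} for one manifest."""
    root = ET.fromstring(xml_text)
    perms = declared_permissions(root)
    findings = [f"{p}: {why}" for p, why in FLAGS.items() if p in perms]
    has_a11y = declares_accessibility_service(root)
    if has_a11y:
        findings.append("accessibility service: can read screen content and drive the UI")

    # Stage 1 needs fetch + install; stage 2 needs overlay or accessibility.
    dropper = {"android.permission.INTERNET",
               "android.permission.REQUEST_INSTALL_PACKAGES"} <= perms
    banker = "android.permission.SYSTEM_ALERT_WINDOW" in perms or has_a11y
    sms = bool({"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"} & perms)

    if dropper and banker:
        verdict = "review: dropper + overlay/accessibility capability"
    elif banker and sms:
        verdict = "review: overlay/accessibility + SMS capability"
    elif dropper or banker:
        verdict = "note: one stage of the pattern present"
    else:
        verdict = "ok: pattern absent"
    return {"verdict": verdict, "findings": findings}


if __name__ == "__main__":
    for label, manifest in (("qr-reader", BENIGN_QR_MANIFEST), ("pdf-viewer", SUSPICIOUS_MANIFEST)):
        result = assess_manifest(manifest)
        print(label, "->", result["verdict"])
        for line in result["findings"]:
            print("   ", line)
```

The check is deliberately static and cheap, so it belongs at the front of a vetting queue rather than at the end: a dropper that ships with a minimal manifest and only acquires its payload from an external server after install, as the post describes, will look clean here and still needs the behavioural, post-install layer (the Play Protect removal Google points to) behind it.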

Android’s Malware Plague

Anatsa is now one of the prevalent malware families plaguing Android users. Report after report confirms the scale of the Android threat versus the iPhone.

Google told Bleeping Computer that “all of the identified malicious apps have been removed from Google Play,” and that “Google Play Protect also protects users by automatically removing or disabling apps known to contain this malware on Android devices with Google Play Services.”

Perception is key.

Malware still finds its way onto Play Store at much greater volumes than Apple’s App Store, only to be identified and mitigated later.

The Privacy Battle Ahead

As Android rolls out new security updates, the on-device/off-device battle will heat up. Apple, Google, and Samsung seek to ensure that AI isn’t a privacy nightmare.

Again, Google and Android will be challenged to overcome Apple’s security and privacy credentials and its no-nonsense commitment to privacy.

Eyes are on Android 15 to see if Google’s new mitigations can shift the threat landscape and the Android vs. iPhone security perception.

An impossible task? It seems so.

Vik