Connect with us

Tech

Google Play apps steal texts and pepper you with unauthorized purchases

Published

on

Google Play apps steal texts and pepper you with unauthorized purchases

Getty Images

Security researchers have uncovered a batch of Google Play apps that stole users’ text messages and made unauthorized purchases on users’ dimes.

The malware, which was hidden in eight apps that had more than 700,000 downloads, hijacked SMS message notifications and then made unauthorized purchases, McAfee mobile researchers Sang Ryol Ryu and Chanung Pak said Monday. McAfee is calling the malware Android/Etinu.

User data free for the taking

The researchers said an investigation of the attacker-operated server that controlled infected devices showed it stored all kinds of data from users’ phones, including mobile carrier, phone number, SMS messages, IP address, country, and network status. The server also stored auto-renewing subscriptions, some of which looked like this:

etinu c2 data

No joke

The malware is reminiscent, if not identical, to a prolific family of Android malware known as Joker, which also steals SMS messages and signs up users for pricey services.

“The malware hijacks the Notification Listener to steal incoming SMS messages like Android Joker malware does, without the SMS read permission,” the researchers wrote, referring to Etinu. “Like a chain system, the malware then passes the notification object to the final stage. When the notification has arisen from the default SMS package, the message is finally sent out using WebView JavaScript Interface.”

While the researchers say that Etinu is a malware family distinct from Joker, security software from Microsoft, Sophos, and other companies use the word “Joker” in their detection names of some of the newly discovered malicious apps. Etinu’s decryption flow and use of multi-stage payloads are also similar.

The decryption flow.

The decryption flow.

McAfee

In an email, McAfee’s Sang Ryol Ryu wrote, “While Etinu looks very similar to Joker, in-depth, its processes for loading payloads, encryption, targeting geographies are different from Joker.”

The Etinu payloads appear in an Android Assets folder with file names such as “cache.bin,” “settings.bin,” “data.droid,” or “image files.”

assets folder

McAfee

Multi stage

As depicted in the decryption flow diagram above, hidden malicious code in the main installation file downloaded from Play opens an encrypted file named “1.png” and decrypts it using a key that’s the same as the package name. The resulting file, “loader.dex” is then executed, resulting in an HTTP POST request to the C2 server.

“Interestingly, this malware uses key management servers,” the McAfee researchers wrote. “It requests keys from the servers for the AES encrypted second payload, ‘2.png.’ And the server returns the key as the ‘s’ value of JSON. Also, this malware has self-update function. When the server responds ‘URL’ value, the content in the URL is used instead of ‘2.png’. However, servers do not always respond to the request or return the secret key.”

etinu secret key

McAfee

The apps and corresponding cryptographic hashes are:

08C4F705D5A7C9DC7C05EDEE3FCAD12F345A6EE6832D54B758E57394292BA651 com.studio.keypaper2021
CC2DEFEF5A14F9B4B9F27CC9F5BBB0D2FC8A729A2F4EBA20010E81A362D5560C com.pip.editor.camera
007587C4A84D18592BF4EF7AD828D5AAA7D50CADBBF8B0892590DB48CCA7487E org.my.favorites.up.keypaper
08FA33BC138FE4835C15E45D1C1D5A81094E156EEF28D02EA8910D5F8E44D4B8 com.super.color.hairdryer
9E688A36F02DD1B1A9AE4A5C94C1335B14D1B0B1C8901EC8C986B4390E95E760 com.ce1ab3.app.photo.editor
018B705E8577F065AC6F0EDE5A8A1622820B6AEAC77D0284852CEAECF8D8460C com.hit.camera.pip
0E2ACCFA47B782B062CC324704C1F999796F5045D9753423CF7238FE4CABBFA8 com.daynight.keyboard.wallpaper
50D498755486D3739BE5D2292A51C7C3D0ADA6D1A37C89B669A601A324794B06 com.super.star.ringtones

Some of the apps look like this:

etinu infected apps

McAfee

The researchers said they reported the apps to Google, and the company removed them.

Continue Reading
Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Tech

Replicated: Demand for on-premises software equally as strong as SaaS

Published

on

Replicated: Demand for on-premises software equally as strong as SaaS

Join Transform 2021 this July 12-16. Register for the AI event of the year.


While there is a strong demand for cloud applications and software-as-a-service, security, regulatory, and compliance requirements continue to drive demand for on-premises software. In a new Dimensional Research report, 92% of companies said on-premises software was growing. The report, sponsored by Replicated, a software delivery and management company, found that current customer demand for on-premises software was equal to that of public cloud.

Above: Customer demand for on-premises software delivery isn’t slowing down anytime soon.

While it may be popular to believe that “cloud is king” and SaaS is the best and most in-demand modern enterprise software, data shows that demand for on-premises software is equally as strong. It’s the smart choice for customers operating under security, regulatory, and compliance requirements; many organizations cannot allow their customer data to be shared in multi-tenant environments. Additionally, software companies that do not currently provide an on-premises solution to customers leave money on the table and miss a significant business and competitive opportunity.

This new report from Dimensional Research, sponsored by Replicated, highlights the missed business opportunities for software vendors who are not offering an on-premises version. The report provides detailed insights around the current use, need, and challenges for on-premises software and its installation, configuration and management. This report also takes a closer look at the parallel rise in the adoption of container-based applications and the use of Kubernetes.

Perhaps the most important findings are that 92% of surveyed participants reported their on-premises software sales as growing, and that on-premises solutions are equally as popular as their public cloud alternatives. This directly counters the popular narrative that SaaS has overtaken on-premises software delivery, as security and data protection stay top of mind for enterprise software customers.

The survey from Dimensional Research includes feedback from 405 business and technology professionals at executive and manager seniority levels, representing software companies of all sizes around the world across a wide variety of different industries.

Read the full report from Replicated

VentureBeat

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

Continue Reading

Tech

Roblox hits Q1 bookings of $652.3 million, up 161%, in first report as public company

Published

on

Roblox's user-generated game characters.

Did you miss GamesBeat Summit 2021? Watch on-demand here! 


Roblox, the platform for Lego-like user-generated games, reported its earnings for the first time as a publicly traded company. This met analysts’ expectations. Bookings for the first quarter ended March 31 were $652.3 million, up 161% from the same quarter a year ago.

Roblox has done among its target audience of children and teens during the pandemic, as players turned to it for remote, socially distanced play with their friends at a time when they couldn’t meet in-person.

Roblox previously raised $520 million at a $29.5 billion valuation in a financing round ahead of its direct listing on the New York Stock Exchange as a public company. It opened on March 10 at a valuation of $41.9 billion a share and has hovered around that value. Investors greeted the results positively, with Roblox trading up 5% at $67.18 a share in after-hours trading.

Q1 results

Analysts expected a loss of 21 cents a share on bookings of $568.6 million. Most video game companies emphasize non-GAAP bookings, or the total value of virtual currency purchases by players during the quarter, instead of revenues, which under accounting rules are limited to those purchases that are expected to be fully resolved within a certain time period. For instance, a player may buy Robux currency in the first quarter, but spend it over 10 months. That revenue has to be recognized over time, as it is spent inside the platform’s games.

Roblox’s quarterly revenue came in at $387 million, up 140% from a year earlier. The GAAP net loss for the quarter was $134.2 million. But operating cash flow as positive, and so that means cash is coming into the business, said chief business officer Craig Donata in an interview with GamesBeat.

“We had a strong quarter in terms of bookings, revenue, and operating cash flow, and more important, in terms of daily active user growth and time spent by players,” Donato said.

Roblox gets a 30% cut from the bookings generated by sales of Robux, the virtual currency used by players to play user-generated games, the company’s bookings for 2020 were $1.9 billion, double what they were the year before. Roblox’s games have become so popular that people have played the best ones billions of times. On average, 32.6 million people come to Roblox every day. More than 1.25 million creators have made money in Roblox. In the year ended December 31, 2020, users spent 30.6 billion hours engaged on the platform, an average of 2.6 hours per daily active user each day.

Above: Roblox’s user-generated game characters.

Image Credit: Roblox

Net cash provided by operating activities increased nearly four times in Q1 2021 over Q1 2020 to $164.5 million (including one-time direct listing expenses of $51.9 million). Exclusive of one-time expenses related to the direct listing, net cash provided by operating activities would have been $216.4 million.

Free cash flow increased 4.1 times over Q1 2020 to $142.1 million. Average daily active users (DAUs) were 42.1 million, an increase of 79% year over year driven by 87% growth in DAUs outside of the U.S. and Canada and 111% growth in DAUs over the age of 13.

Hours engaged were 9.7 billion, an increase of 98% year over year primarily driven by 104% growth in engagement in markets outside of the U.S. and Canada, and 128% growth from users over the age of 13. Average bookings per DAU (ABPDAU) was $15.48, an increase of 46% year over year.

April results

Rather than make forecasts about how its upcoming quarter is expected to go, Roblox is not making a forecast. Rather, it is disclosing the actual results for the month of April, which is part of the second quarter.

For the month of April alone, daily active users were 43.3 million, up 37% from April of last year and up sequentially from 42.3 million in the month of March 2021. Hours engaged in April were 3.2 billion, up 18% year over year and flat sequentially from March 2021.

Bookings were between $242 million and $245 million, up 59% to 61% year over year and up sequentially 7% to 9% from March 2021 when bookings were $225.3 million.

Average bookings per DAU were between $5.59 to $5.66, up 16% to 17% year over year and 5% to 6% sequentially from March 2021. April revenue was $143 million to $145 million, up 136% to 140% year over year and 5% to 7% sequentially from March 2021.

“Our first quarter 2021 results enabled us to continue investing aggressively in the key areas that we believe will drive long term growth and value, specifically hiring talented engineering and product professionals and growing the earnings for our developer community,” said chief financial officer of Roblox Michael Guthrie,  in a statement. “We believe we must continue to innovate and so remain focused on building great technology to make progress on our key growth vectors, primarily international expansion and expanding the age demographic of our users.”

The company closed the March quarter with 1,054 employees, up from 651 a year earlier.

GamesBeat

GamesBeat’s creed when covering the game industry is “where passion meets business.” What does this mean? We want to tell you how the news matters to you — not just as a decision-maker at a game studio, but also as a fan of games. Whether you read our articles, listen to our podcasts, or watch our videos, GamesBeat will help you learn about the industry and enjoy engaging with it.

How will you do that? Membership includes access to:

  • Newsletters, such as DeanBeat
  • The wonderful, educational, and fun speakers at our events
  • Networking opportunities
  • Special members-only interviews, chats, and “open office” events with GamesBeat staff
  • Chatting with community members, GamesBeat staff, and other guests in our Discord
  • And maybe even a fun prize or two
  • Introductions to like-minded parties

Become a member

Continue Reading

Tech

IronSource’s Supersonic launches LiveGames publishing service for indies

Published

on

IronSource's Supersonic launches LiveGames publishing service for indies

Did you miss GamesBeat Summit 2021? Watch on-demand here! 


Mobile monetization firm IronSource said its Supersonic Studios division has launched LiveGames, a self-service way for indie game developers to manage mobile games and their live services (such as tournaments or updates).

This is for Supersonic publishing solution, which IronSource launched more than a year ago. The announcement comes after it announced that it plans to go public via a special purpose acquisition company (SPAC) at an $11.1 billion valuation.

The product offers developers who publish their mobile games with Supersonic access to game management and full visibility and transparency into in-game metrics that enable them to better manage and grow their published games.

Nadav Ashkenazy, the general manager of Supersonic Studios, said in an interview with GamesBeat that the goal is to make publishing tools accessible to indie developers so they can get their games off the ground. It helps with the “growth loop,” after a game reaches a large scale and then needs attention in terms of improving numbers, such as the average playtime per user.

“After you scale a game globally, everything gets more complicated,” Ashkenazy said. “For average playtime per user, we give you a snapshot for that.”

The idea is to support developers as independent companies by productizing what is otherwise a manual process. It also adds some important transparency for developers that they normally can’t get out of game publishers, said Omer Kaplan, the chief revenue officer at IronSource, in an interview with GamesBeat.

“Historically, publishing is a black box,” Kaplan said. “A developer’s game meets retention goals. Then a publisher handles growth and gives a revenue share. We make everything transparent. We have complete transparency for the developers using our publishing solution on the IronSource platform.”

Several rival products in the market help developers test the performance and marketability of their prototypes, with IronSource launching its self-serve testing product for Supersonic developers in 2020. However, one of the biggest challenges comes once a game has been published, since many of the insights relating to a game and its performance are not commonly visible to the developer, limiting the ability to understand, test, iterate and improve for the long term.

Above: IronSource’s LiveGames helps studios manage their game data.

Image Credit: IronSource

With Supersonic, IronSource has focused on helping game companies become better developers, rather than treat each game as a standalone unit.

Through LiveGames, developers will have access to data such as daily, monthly, and annual profit for each of their published games; advanced analytics including retention, playtime, lifetime value, and ad engagement for each region and user acquisition channel; rewarded video and interstitial ad analysis; and advanced analytics from A/B tests for test comparison.

Stan Mettra, the CEO of game studio Born2play, is using LiveGames with the game StackyDash. He said in a statement this is the first time the company has so many insights into the performance of the game. That helps take away blind spots and helps the company take steps to increase revenue. About 25 studios used the LiveGames service in alpha testing and they’re now ready to start using the product.

“We’re encouraging the developers to remain independent,” Kaplan said.

Tel Aviv, Israel-based IronSource has previously said it would raise $2.3 billion in cash proceeds for both shareholders and the company itself through the transactions, which includes both the proceeds from the SPAC (a faster way of going public compared to an initial public offering) and an additional private investment known as a PIPE, or private investment in a public equity. SPACs have become a popular way for fast-moving companies to go public without all the hassle of a traditional IPO. Regulators have come up with more rules to govern SPACs, but the idea is to raise money faster.

IronSource said it recorded 2020 revenue of $332 million and adjusted earnings before interest, taxes, depreciation, and amortization (EBITDA) of $104 million. IronSource said its monetization platform is designed to enable any app or game developer to turn their app into a scalable, successful business by helping them to monetize and analyze their app and grow and engage their users through multiple channels, including unique on-device distribution through partnerships with telecom operators such as Orange and a device makers such as Samsung.

In 2020, IronSource said 94% of its revenues came from 291 customers with more than $100,000 of annual revenue, a dollar-based net expansion rate of 149%.

GamesBeat

GamesBeat’s creed when covering the game industry is “where passion meets business.” What does this mean? We want to tell you how the news matters to you — not just as a decision-maker at a game studio, but also as a fan of games. Whether you read our articles, listen to our podcasts, or watch our videos, GamesBeat will help you learn about the industry and enjoy engaging with it.

How will you do that? Membership includes access to:

  • Newsletters, such as DeanBeat
  • The wonderful, educational, and fun speakers at our events
  • Networking opportunities
  • Special members-only interviews, chats, and “open office” events with GamesBeat staff
  • Chatting with community members, GamesBeat staff, and other guests in our Discord
  • And maybe even a fun prize or two
  • Introductions to like-minded parties

Become a member

Continue Reading

Trending