Monthly Archives: January 2018

First Kotlin-based malware found in Google Play Store

The first Android malware written in the Kotlin programming language has been found in the Google Play store. It is designed to steal information, carry out click ad fraud, and sign users up to premium SMS services without their permission.

An open-source programming language, Kotlin is a fully-supported official programming language for Android which Google boasts contains safety features in order to make apps ‘healthy by default’. Kotlin became an official language for Android in May 2017 and it has proved popular — Twitter and Netflix are among the 17 percent of Android Studio projects using it.

However, researchers at Trend Micro have uncovered what they believe to be the first example of malware developed using Kotlin. The malicious app posed as a utility tool for cleaning and optimising Android devices, and has been downloaded from the official Google Play store by between 1,000 and 5,000 users.

When the app is launched, information about the victim’s device is sent to a remote server, and the malware sends an SMS to a number provided by the command and control server. Once this message has been received, the remote server will begin URL forwarding for click ad fraud.

Cybercriminals have started to use the Kotlin programming language and infiltrated Google Play. (Image: Getty Images/iStockphoto)

As part of this routine, the malware receives a command which executes a WAP (wireless application protocol) task, enabling it to access information on the wireless network, alongside injecting malicious JavaScript code which allows it to silently access the device's data.


Once this has been completed, the malware can upload information about the user’s service provider and login information to the command and control server. This automatically signs them up to a premium SMS subscription service, which will cost the victim money.

The nature of the malware means these operations will initially go unnoticed, providing the victim with an unpleasant surprise when they receive their next phone bill.

Trend Micro disclosed the malware to Google, which told the researchers that Google Play Protect already has protections in place against this malware.

While Google keeps the vast majority of Android malware out of its app store, apps continue to slip through the net. Over 1.5 million users recently fell victim to malware that posed as flashlight and other utility apps in the Google Play Store.



New ransomware headache as crooks are dumping bitcoin for rival cryptocurrencies

While bitcoin was the preferred way of paying to free PCs from ransomware or buying illegal services on the dark web, that might not be the case for much longer — and tracking down online criminals could become harder as a result.

Bitcoin remains a popular currency among cybercriminals, but its high profile is also causing them certain headaches. While some are sitting on large stockpiles of the currency, for others, it is causing issues, forcing them to alter the prices of their products on a daily or hourly basis.

That volatility could provide a means of getting rich quick for cryptocurrency investors, but a crash could also result in criminals losing everything. As a result — and because bitcoin doesn’t offer full anonymity — some criminals are moving their focus to other forms of cryptocurrency, such as Monero, Ethereum, and Zcash.

Launched in 2014, Monero is growing in popularity, thanks to additional security and privacy features which mean transactions can’t be traced back to any particular user or address. Transaction histories are also kept private.

Consequently, it’s gaining traction on the dark web and underground forums, according to law enforcement officials — and has also been used as a means of collecting ransom payments.

If more cybercriminals move towards other forms of cryptocurrency, it will make tackling cybercrime more difficult for law enforcement. It may also create a new headache for organisations that have bought bitcoin in the past in case they were hit by a ransomware attack, and who will now have to stockpile alternative cryptocurrencies too.