fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Riskware Android Streaming Apps Found on Samsung’s Galaxy Store

Riskware Android Streaming Apps Found on Samsung’s Galaxy Store

Samsung’s official Android app store, called the Galaxy Store, has had an infiltration of riskware apps that triggered multiple Play Protect warnings on people’s devices.

As reported first by Android Police, the malicious apps mimic ShowBox, a pirate app that went bust in 2018, after a coalition of movie studios managed to identify its operator and filed lawsuits against him.

ShowBox and its “sibling” MovieBox enabled users to access copyright-protected movies and TV shows without paying for a membership subscription to the legitimate broadcasters.

Scammers bet on the popularity of the pirate app, and indeed their cloned apps enjoyed a welcoming reception by the Samsung user community.

Also Read: PDPA Compliance Singapore: 10 Areas To Work On

Infringing and risky

According to mobile security analyst “linuxct“, these apps trigger a Google Play Protect warning because the apps request access to risky permissions that could allow the installation of malware on the Android device.

If the user grants those requests, the apps are allowed to access contact lists, call logs, execute code, fetch malware payloads click on ads, and more.

After analyzing the apps, Linuxct found ad technology that could be exploited to perform remote code execution, allowing it to be abused to execute commands on the device.

Multiple anti-virus engines on VirusTotal detect samples of these apps as riskware, trojan, ad clicker, or generic malware.

Virus Total scan results against a ShowBox clone
Virus Total scan results against a ShowBox clone
Source: Android Police

These clone apps were advertised as streaming apps, promising anonymous access to protected content via an integrated VPN tool.

According to Android Police, at least some of these apps did actually offer the promised pirate functionality at some point.

Also Read: What Does A Data Protection Officer Do? 5 Main Things

That said, from a legal perspective, Samsung should have rejected these apps for what they claim to be, even if they weren’t posing any other risk.

However, the Samsung Galaxy Store review only vets the submitted apps for malware functionality or malicious behavior, so copyright infringement isn’t a consideration. 

Since these apps don’t feature nasty code “out of the box”, they are not treated as malicious and weren’t rejected from the store.

We have reached out to Samsung for a comment on these reports and we will update the post as soon as we hear back from them.

Although the Google Play Store isn’t 100% free from malware or riskware uploads, it remains the safest choice for sourcing Android apps.

In general, pirate apps, either free or paid, pose a legal, security, and privacy risk for their users, and the projected savings/benefits aren’t worth the potential consequences of using them.

These risks are especially true when an app asks for such wide-ranging permissions that allow it to perform commands and access information it should not need to operate.

If you installed one of the ShowBox clones via the Galaxy Store, remove them immediately and run a full scan through a mobile security tool to uproot any potential remnants.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us