Month: September 2017

Enlarge / One of the fee-based services ExpensiveWallpaper apps subscribed users to.

Researchers recently found at least 50 apps in the official Google Play market that made charges for fee-based services without the knowledge or permission of users. The apps were downloaded as many as 4.2 million times. Google quickly removed the apps after the researchers reported them, but within days, apps from the same malicious family were back and infected more than 5,000 devices.

The apps, all from a family of malware that security firm Check Point calls ExpensiveWall, surreptitiously uploaded phone numbers, locations, and unique hardware identifiers to attacker-controlled servers. The apps then used the phone numbers to sign up unwitting users to premium services and to send fraudulent premium text messages, a move that caused users to be billed. Check Point researchers didn't know how much revenue was generated by the apps. Google Play showed the apps had from 1 million to 4.2 million downloads.

Packing heat

ExpensiveWall—named after one of the individual apps called LovelyWall—used a common obfuscation technique known as packing. By compressing or encrypting the executable file before it's uploaded to Play, attackers can hide its maliciousness from Google's malware scanners. A key included in the package then reassembled the executable once the file was safely on the targeted device. Although packing is more than a decade old, Google's failure to catch the apps, even after the first batch was removed, underscores how effective the technique remains.

Enlarge / Treasury Secretary Steven Mnuchin, left, chairs the Committee on Foreign Investment in the United States. Defense Secretary James Mattis, right, serves on the committee, which recommended that Trump block the Lattice deal. (credit: Joint Chiefs of Staff)

President Trump has blocked an investment firm owned by the Chinese government from acquiring Lattice Semiconductor, a maker of field-programmable gate arrays and other programmable logic devices. The decision follows a recommendation by the Committee on Foreign Investment in the United States (CFIUS), a US government body that reviews deals for potential national security problems.

Chinese investors have been plowing money into American technology companies in recent years, and this has raised concerns that Chinese control could undermine American national security. That could happen because Chinese firms gain the knowhow to develop high-end technologies with military applications. Or deals could pose a more direct threat if they enable the Chinese government to infiltrate the supply chain for products purchased by the US government—thereby creating opportunities for surveillance or sabotage.

Lattice, a Portland-based company with around 1,000 employees, argued that the Trump administration had nothing to worry about. Lattice said it outsourced chip manufacturing to other companies, so there wasn't a risk of manufacturing facilities being infiltrated. Lattice also offered to transfer key intellectual property to the US government to ensure that it didn't fall into Chinese hands.