Have you run out of problems? Google is winding down its reward program for finding vulnerabilities in Android applications
22.08.24
Google has announced the end of the Google Play Security Reward Program (GPSRP), launched in 2017 to reward security researchers for identifying and responsibly disclosing vulnerabilities in popular Android applications.
The program was aimed at improving the security of apps on the Google Play Store and provided financial rewards to researchers for discovering serious vulnerabilities such as remote code execution and theft of sensitive data. During the GPSRP’s existence, significant sums were paid for such finds.
Since its launch, the program has expanded its coverage to include developers of leading apps such as Amazon, Facebook, Snapchat, Spotify, Telegram, Tesla and TikTok. In 2019, the GPSRP began to cover all applications with more than 100 million installations, and maximum payouts for discovered vulnerabilities reached $20,000.
However, Google decided to end the program due to a decrease in the number of vulnerabilities reported by researchers. This is due to the general improvement of the security of the Android operating system and the strengthening of the functionality of applications. The program will cease to exist on August 31, 2024 and all reports submitted before that date will be considered until September 15.
After about a year of silence, the Medusa banking Trojan for Android is back activated, as reported by Cleafy Threat Intelligence. The newly discovered campaigns target users in Canada, France, Italy, Spain, Turkey, the UK and the US. Attackers use smaller versions of the malware, which allows them to operate more stealthily.
Medusa, also known as TangleBot, is a banking Trojan for Android that operates as a Malware-as-a-Service (MaaS). It was first discovered in 2020 and provides attackers with powerful tools to remotely perform unauthorized financial transactions from infected phones. Its features include keystroke recording, screen manipulation, and text message manipulation.
New Medusa campaigns began in May 2024, marking the Trojan’s first activity since July 2023. Unlike other malware with the same name, Medusa is a banking trojan, not a Mirai botnet for DDoS attacks. Updated versions of the Trojan are more compact and require fewer permissions to perform the same malicious actions on infected devices. They also have new features such as overlaying full-screen windows and capturing screenshots, making the Trojan even more powerful and able to initiate fraudulent transactions directly from the device without the user’s knowledge.
Attackers use smishing (SMS phishing) to trick Android users into installing malware. They distribute it through dropper apps, including a fake Chrome browser and a 4K Sports streaming app.
Cleafy Threat Intelligence reports that no Medusa Trojan dropper has been detected in the Google Play Store at this time. This shows that Google’s security measures are working effectively. Users are safe as long as they do not download or install questionable programs from the Internet, especially from links received in messages from unknown numbers. The safest way is to download applications only from official application stores and official websites of companies.
Don't miss interesting news
Subscribe to our channels and read announcements of high-tech news, tes
Asus Zenbook S 14 UX5406S laptop test: ultra-compact
Asus has released an updated model in the Zenbook S laptop family. The UX5406S model in question has received a new Intel Lunarlake generation processor. We will tell you more about the laptop and its new components.
China is developing its own alternatives to Bluetooth and Wi-Fi Bluetooth china development Wi-Fi
China has approved a new universal wireless protocol, Star Flash, that promises to simplify device management and strengthen the country’s technological independence, The Register reports, in a move that could have a significant impact on the global technology market.
HDRezka and the rest are more popular in Ukraine than official Netflix, Megogo, Prime, Apple TV events in Ukraine internet
Ukraine ranked sixth in the world in terms of consumption of pirated content, behind the United States, India, Russia, the United Kingdom, and Canada. Such data was published by UABlockList, citing Bloomberg.