430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Malware

Beware Apple iMessage app for Android, it is a dangerous fake

A fake Apple iMessage app for Android OS has been published on official Google Play app store for around one month and totaling at least 10000 downloads. A fake Apple iMessage app for Android platform is concerning mobile developers and security experts. The app was initially published on the Google Play store but it isn’t the Android version […]

Beware Apple iMessage app for Android, it is a dangerous fake

A fake Apple iMessage app for Android OS has been published on official Google Play app store for around one month and totaling at least 10000 downloads.

A fake Apple iMessage app for Android platform is concerning mobile developers and security experts. The app was initially published on the Google Play store but it isn’t the Android version of the popular instant messenger service developed by Apple Inc., it is a free application credited to a guy named Daniel Zweigart.

The app has been pulled from Google Play according to a Google spokesperson, but it is still available on numerous third party sites, including download.com. The fake iMessage app for Android allows users to interact with Apple users, but it stealthy elaborates users’ data on the developer’s server hosted in China.

“Every packet from Apple is forwarded to 222.77.191.206, which then sends back exactly what data to send to Apple (along with extra packets that I presume tell the client what’s happening so it can update its UI). Likewise, if the client wants to send a message, it first talks to the third-party server, which returns what needs to be sent to Apple. The data is re-encrypted as part of this process, but its size is deterministically unaffected.”

The author of the App managing the hosting server is able to read all message content, user credentials and possible Apple ID account information including credit card numbers.

The mobile developer Jay Freeman wrote an interesting post a his Google+ page in which provided more information on the mysterious app.

“This not only means that Apple can’t just block them by IP address,” “but also that they get to keep the ‘secret sauce’ on their servers (and potentially just run Apple code: there are some parts of the process in Apple’s client code that is highly obfuscated). “Clearly, this is suboptimal from a security perspective,” Freeman wrote.

The malicious iMessage app for Android more surprises, according mobile developer Steven Troughton Smith it is also capable of downloading additional Android APKs in the background, circumstance that alerted security experts due the possibility to install malicious payloads on the victims mobile.

iMessage app for Android

Software engineer Adam Bell added further information on the behavior or the mysterious app

“I can definitely confirm it can download APKs and patches in the background,”“As far as I saw no credit card info is touched (locally on the device anyway), but when you log in or send an iMessage, all data is sent to a server in China first, acting of some sort of MITM, so who knows what they’re doing with that.”

Bell also said that the app spoofs chat requests as a Mac mini.

“It may be that they’re using Mac Minis to forward the requests, or it may be just as simple as hiding the extra phone traffic as Mac Minis to go unnoticed,” Bell said.

Personally I think that most concerning aspect is that  the iMessage app for Android had been published on the official Google Play for less than a month totaling at least 10,000 downloads.

Cybercrime is manifesting an increasing interest in mobile devices, a capillary diffusion and lack of awareness on risks related to principal cyber threats for mobile users makes these platforms privilege targets.

On May APWG published an interesting study, titled APWG Mobile Financial Fraud report, on the underground marketplace that revealed the explosion of prolific mobile fraud malware market.

The report confirmed the expansion of the black market for mobile malicious code and cases like the one proposed in this post are the confirmation of a concerning trend.

Pierluigi Paganini

(Security Affairs –  iMessage app for Android, mobile, cybercrime)