Malicious apps with >1 million downloads slip past Google defenses twice

[Image: One of the fee-based services ExpensiveWallpaper apps subscribed users to.]

Researchers recently found at least 50 apps in the official Google Play market that made charges for fee-based services without the knowledge or permission of users. The apps were downloaded as many as 4.2 million times. Google quickly removed the apps after the researchers reported them, but within days, apps from the same malicious family were back and infected more than 5,000 devices.

The apps, all from a family of malware that security firm Check Point calls ExpensiveWall, surreptitiously uploaded phone numbers, locations, and unique hardware identifiers to attacker-controlled servers. The apps then used the phone numbers to sign up unwitting users to premium services and to send fraudulent premium text messages, a move that caused users to be billed. Check Point researchers didn’t know how much revenue was generated by the apps. Google Play showed the apps had from 1 million to 4.2 million downloads.

Packing heat

ExpensiveWall—named after one of the individual apps called LovelyWall—used a common obfuscation technique known as packing. By compressing or encrypting the executable file before it’s uploaded to Play, attackers can hide its maliciousness from Google’s malware scanners. A key included in the package then reassembled the executable once the file was safely on the targeted device. Although packing is more than a decade old, Google’s failure to catch the apps, even after the first batch was removed, underscores how effective the technique remains.


Resident Evil 7’s Denuvo protections cracked in under a week

[Image: Imagine these in-game bars are Denuvo copy protection, and CPY is the shotgun that can bust open the lock.]

A cracked PC version of Denuvo-protected Resident Evil 7 appeared online over the weekend, offered up by hacking collective CPY less than a week after its January 24 release. The crack marks a new low-water mark for the effectiveness of Denuvo’s DRM protection, which just a year ago was considered so unbreakable that major cracking group 3DM took a public break from even attempting to crack Denuvo-protected games. Since then, though, over 20 Denuvo-protected games have been cracked or bypassed by 3DM, CPY, and other groups, starting with Doom and Rise of the Tomb Raider last summer.

The Resident Evil 7 crack, in particular, is notable for how quickly it came after the game’s legitimate release. Denuvo copy-protection relies on specific triggers inserted into the executable game code, and those triggers are placed differently in each protected game. This makes it hard to release any sort of generalized tool that will quickly crack all Denuvo-protected games. Instead, the Denuvo cracking process can require a lot of nitty-gritty manual searching through game data for each individual title.
