Categories
Internet Security Mobile Phones Uncategorized

“TROJAN LOAPI” HUNTS PORNOGRAPHIC LOVERS!!!

Add Your Heading Text Here

Share it:

It seems virus writers are yet to give up on developing on different kinds of unpleasantness to frustrate android users who are fond of downloading adult-rated android application and anti-virus application from third-party stores as well as Google playstore onto their devices.

 A Trojan horse or Trojan is another kind of malware usually disguised as legitimate software. Hackers use trojans to gain access to users’ systems.

Unlike other trojans, this particular one is programmed to overheat your device as a result of the prolonged operation of the processor at maximum load. In addition, it can turn your phone into a zombie and hijack it to use in DDoS attacks against Web resources as well as sign up users to paid services secretly.

HOW TROJAN LOAPI OPERATES:

Users attract the Loapi Trojan by clicking on an ad banner or by downloading a fake AV or adult-content app . As stated earlier,  fake av or adult-content app are common vehicles used by Loapi to gain access to user’s devices.

After installation of fake apps, Loapi asks for administrator rights . Notification to grant Loapi administrator right appears on the user’s device screen until the user finally accepts Loapi administrator demands.

If the user later tries to deny Loapi of administrator rights, it locks the screen and closes the settings frame.

Furthermore, if the user tries to download apps to protect his device against malware and trojan, Loapi declares them to be malware and orders their removal.

Loapi heavily relies on frustrating users in order to prevent them from downloading legitimate anti-virus apps to wipe out other similar trojans.

HOW TO AVOID TROJANS:

  •     Deactivate installation of apps from unknown sources. In Settings go to Security and ensure that the Unknown sources checkbox is not selected.
  • Get a reliable and proven AV for Android and regularly scan your device with it because Google playstore is safe too. Doing so adds another layer of security.

#ISA_informs

#ISA_ltd

Categories
Apps Mobile Phones

10 Faqs About Android Application Security.

Add Your Heading Text Here

Share it:

Today our cybersecurity team reveals 10 common questions bothering android developers interested in securing their android applications.


Q1: How can i protect my android app from software pirates? I mean how can i obfuscate my source code?
Ans: You can choose to use DexGuard or DashO to make it difficult for software pirates, reverse engineers or intruders to pirate your source code.


Q2: I heard you can also use ProGuard to obfuscate source code?
Ans: Yes! But it is not effective. Practically not effective.


Q3: Do you think it is quite safer to save users data on their own device?
Ans: Yes and No. Yes- It is quite safer to save non-sensitive data on users devices. No- It is not safe to save sensitive data on users’ devices even if you intend to protect using strong encryption.


Q4: I heard hackers can intercept data in transit using a proxy such as Burpsuite?
Ans: Yes. They can intercept data in transit.


Q5: So is there any defense mechanism against this form of attack?
Ans: Yes. Ensure that the same validation method implemented on the client side is exactly implemented on the server-side.


Q6: Although I have implemented HTTPS to protect data in transit, i find it difficult to stop “csrf” attacks?
Ans: Okay. You can create tokens for each registered or authenticated user. In addition, ensure that tokens are available temporarily and re-created after a specific period.


Q7: Yes. I have done that but hackers still by-pass csrf protection.
Ans: Ensure that csrf tokens are validated at the server-side. Also make tokens random.


Q8: I want my android app to share data with other app but with some form of restriction. How can I achieve that?
Ans: Okay. You can use content provider which allows apps to share data with other apps. Moreover, with content provider, you can specify read and write permissions. Thus, some apps may have read and write permissions whilst others may have read -only permissions or write-only permissions


Q9: Could I also save data in shared_pref file? I heard it is not safe to do so.
Ans: It is safe to do so when data is not sensitive. It is not safe to do so when data is sensitive. So move all users’ data such as password, userid, and account number to your web server.


Q10: Is it advisable to hire android security researchers or pentesters to audit my apps?
Ans: Yes. We recommend you to do so.
Although these are other common faqs related to android security, at least, you can rely on some of our answers to make your android app secure.

#ISA_informs  #ISA_ltd