Malicious app developers offering to buy old apps from developers who are no longer active, so they can push malware onto those users
(support.google.com)
from NaNin@lemmy.dbzer0.com to security@lemmy.ml on 25 Nov 09:52
https://lemmy.dbzer0.com/post/58319781
from NaNin@lemmy.dbzer0.com to security@lemmy.ml on 25 Nov 09:52
https://lemmy.dbzer0.com/post/58319781
I just got offered by these people to sell my account for my old google play app. Googled the people offering, and I found this thread. Someone in the thread called this out as a malware vector, and I think thats the only way my app would be worth $350. Could this really be an attack vector?Crazy.
threaded - newest
I’m pretty sure this exact scenario is how an old program I used to run got malware on my machine. Now, for the few legacy programs I use, I keep the original offline installers to avoid malware infested updates.
I had this once with a Google Chrome extension. Strange advertisements started to appear on my search results in Google. These advertisements were uncanny. After looking for this behaviour it leads me to infected Chrome extensions.
It was an extension to show favourites in a menu, nothing fancy, I had this one installed for years. It was sell by the author to a company injecting advertisements.
Now, I only install UBlock origins and nothing more.
I use TamperMonkey, which allows me to read and modify the code. I should probably replace a few of my extensions with TamperMonkey scripts but they don’t carry between synced devices so I’d need to transfer them.
Oh dang, you just awakened a memory but I can’t remember which extension it was… same thing, started seeing ads injected into search and the YouTube sidebar.
Really scary given extensions auto-update, who thought that would be a good idea?
That is why I disable auto-update.