New Tricks! Are Software Projects Being Turned into Trojan Horses by Attackers?
Access to compromised systems is increasingly bought and sold. Attackers have now extended the same idea to the source itself: instead of breaking into a code base, they buy an established application outright and then push updates containing malicious code to its existing users.
On Dec 4, users of a barcode scanner app noticed strange behavior on their smartphones when their browsers began displaying unauthorized adverts. According to Malwarebytes, this could have been adware or a malware infection, but what puzzled the users was that most of them had not downloaded any new software recently. Instead, the behavior appeared after an update to a well-established application, Barcode Scanner, which had millions of downloads. A business group had bought the application and then pushed several malicious updates to all of its users.
Purchasing an application together with its code base and then sending out updates containing harmful code is a form of supply chain attack, and a comparatively new cybercrime technique. Nathan Collier, the source of this information, reports that the trend is likely to grow: any malware developer can follow the same path by having someone else build an application and publish it on Google Play.
Ownership of the listing lets them push new versions to every user of the application at any time. In February, another group used a similar technique to infect many users with unwanted code through a popular Google Chrome extension. Google removed The Great Suspender, a Chrome utility that reduces the browser's memory use by freezing the processes of old tabs.
This followed the sale of the code by its original maintainer to an unidentified group. In October 2020 it was discovered that the new owners had pushed updated code to users' systems without any notification, and that this code behaved much like adware.
Until now, the effort to stop the distribution of malicious code has centered on security firms and developers identifying attackers who break into code bases and replace legitimate code with unwanted modifications.
When the attacker can skip that initial step of compromising the code base, because they simply own it, the attack becomes far easier. For fifteen years the secure development life cycle has concentrated on preventing developers from introducing unintended vulnerabilities, not on detecting and preventing the deliberate addition of malicious code to established applications. As a result, neither developers nor security programs are usually prepared for this.
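The gap described above is that review processes look for accidental bugs rather than for a new owner deliberately adding capabilities. One defensive check is to diff the metadata of consecutive releases and hold an update for review when ownership signals (publisher or signing key changes) coincide with new permissions or new network destinations. The following is an added example, not code from the article or from any of the vendors it names; the metadata fields, the risk weights, the threshold and the sample releases are all constructed assumptions for illustration.

```python
"""Added example (not from the original article): flag the signals that typically
accompany an ownership-transfer supply chain attack by diffing the metadata of
two consecutive releases of an app or browser extension.

All field names, permission lists, weights and sample values are constructed
assumptions; real store or extension metadata would be mapped onto this shape."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ReleaseMetadata:
    version: str
    developer_id: str            # publisher account behind the release
    signing_key_sha256: str      # fingerprint of the key that signed the package
    permissions: frozenset       # permissions / host grants declared in the manifest
    network_hosts: frozenset     # hosts the package is known to contact


# Permissions that give an update broad reach over the device or browser (constructed list).
HIGH_RISK_PERMISSIONS = {
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.REQUEST_INSTALL_PACKAGES",
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
    "webRequestBlocking",
    "<all_urls>",
}


def assess_update(previous: ReleaseMetadata, current: ReleaseMetadata) -> list:
    """Return (severity, message) findings for the transition previous -> current."""
    findings = []
    # Ownership signals: a different publisher or a different signing key.
    if current.developer_id != previous.developer_id:
        findings.append(("high", f"publisher changed: {previous.developer_id} -> {current.developer_id}"))
    if current.signing_key_sha256 != previous.signing_key_sha256:
        findings.append(("high", "signing key changed"))
    # Capability signals: permissions and hosts that did not exist in the previous release.
    for perm in sorted(current.permissions - previous.permissions):
        severity = "high" if perm in HIGH_RISK_PERMISSIONS else "medium"
        findings.append((severity, f"new permission: {perm}"))
    for host in sorted(current.network_hosts - previous.network_hosts):
        findings.append(("medium", f"new network host: {host}"))
    return findings


def risk_score(findings) -> int:
    """Sum constructed weights so that several medium signals add up to one high one."""
    weights = {"high": 5, "medium": 2, "low": 1}
    return sum(weights[severity] for severity, _ in findings)


def should_hold_update(previous: ReleaseMetadata, current: ReleaseMetadata, threshold: int = 5) -> bool:
    """Hold the update for manual review when the combined score reaches the threshold.
    With these weights a publisher or signing-key change alone is enough to trigger a hold."""
    return risk_score(assess_update(previous, current)) >= threshold


# Constructed sample releases of a hypothetical scanner app (not real store data).
V1 = ReleaseMetadata("1.0", "dev-original", "aaaa1111", frozenset({"android.permission.CAMERA"}), frozenset())
V1_PATCH = ReleaseMetadata("1.0.1", "dev-original", "aaaa1111", frozenset({"android.permission.CAMERA"}), frozenset())
V2 = ReleaseMetadata(
    "2.0", "dev-acquirer", "bbbb2222",
    frozenset({"android.permission.CAMERA", "android.permission.INTERNET",
               "android.permission.SYSTEM_ALERT_WINDOW"}),
    frozenset({"ads.example.net"}),
)

if __name__ == "__main__":
    for severity, message in assess_update(V1, V2):
        print(f"[{severity}] {message}")
    print("hold 1.0 -> 2.0:", should_hold_update(V1, V2))          # True
    print("hold 1.0 -> 1.0.1:", should_hold_update(V1, V1_PATCH))  # False
```

The point of weighting a publisher or signing-key change on its own as enough to hold the release is that an ownership transfer is exactly the event the article says existing review processes ignore; the permission and host diffs then tell the reviewer what the new owner gained.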
Paying for access to vulnerable systems is not new. Cybercriminal services sell access to systems that have already been compromised, and these services continue to evolve and now account for a large share of ransomware infections.
Other commercial groups build advertising software development kits (SDKs) that developers embed to monetize their applications, but which end up delivering malicious code to everyone involved. For instance, in August the security firm Snyk showed that an SDK used by more than 1,200 iOS applications spied on millions of users.
Cybercriminals also compromise the supply chain of popular software directly, as in the compromises behind NotPetya and the SolarWinds attack. By targeting widely used software projects, attackers add a door into the supply chain for their malicious code.
In 2017, Barcode Scanner was listed on Google Play as a legitimate app used by thousands of users. By the time it was sold to LavaBird LLC, it had close to ten million downloads and a far broader user base. LavaBird reports that it in turn sold the app to another company, which is responsible for the malicious changes.