Transaction

jmetaB0240ec6217ba97bb06f072eafeed4dec3eedbe08d3801df1d94434dbe19e50d851@4a558486681abbf54ab7d92fc07ba63976d1e89342e0c066cac479982846453frss.itemmetarss.netM=<item> <title>Novel technique allows malicious apps to escape iOS and Android guardrails</title> <link>https://arstechnica.com/?p=2044637</link> <comments>https://arstechnica.com/security/2024/08/novel-technique-allows-malicious-apps-to-escape-ios-and-android-guardrails/#comments</comments> <dc:creator><![CDATA[Dan Goodin]]></dc:creator> <pubDate>Wed, 21 Aug 2024 20:40:49 +0000</pubDate> <category><![CDATA[Biz & IT]]></category> <category><![CDATA[Security]]></category> <category><![CDATA[android]]></category> <category><![CDATA[iOS]]></category> <category><![CDATA[malicious apps]]></category> <category><![CDATA[malware]]></category> <category><![CDATA[phishing]]></category> <guid isPermaLink="false">https://arstechnica.com/?p=2044637</guid> <description><![CDATA[Web-based apps escape iOS "Walled Garden" and Android side-loading protections.]]></description> <content:encoded><![CDATA[<div id="rss-wrap"> <figure class="intro-image intro-left"> <img src="https://cdn.arstechnica.net/wp-content/uploads/2023/05/phone-malware-800x532.jpg" alt="An image illustrating a phone infected with malware"> <p class="caption" style="font-size:0.8em"><a href="https://cdn.arstechnica.net/wp-content/uploads/2023/05/phone-malware.jpg" class="enlarge-link" data-height="665" data-width="1000">Enlarge</a> (credit: Getty Images)</p> </figure> <div><a name="page-1"></a></div> <p>Phishers are using a novel technique to trick iOS and Android users into installing malicious apps that bypass safety guardrails built by both Apple and Google to prevent unauthorized apps.</p> <p>Both mobile operating systems employ mechanisms designed to help users steer clear of apps that steal their personal information, passwords, or other sensitive data. iOS bars the installation of all apps other than those available in its App Store, an approach widely known as the Walled Garden. Android, meanwhile, is set by default to allow only apps available in Google Play. Sideloading—or the installation of apps from other markets—must be manually allowed, something Google warns against.</p> <h2>When native apps aren’t</h2> <p>Phishing campaigns making the rounds over the past nine months are using previously unseen ways to workaround these protections. The objective is to trick targets into installing a malicious app that masquerades as an official one from the targets’ bank. Once installed, the malicious app steals account credentials and sends them to the attacker in real time over Telegram.</p></div><p><a href="https://arstechnica.com/?p=2044637#p3">Read 8 remaining paragraphs</a> | <a href="https://arstechnica.com/?p=2044637&comments=1">Comments</a></p>]]></content:encoded> <wfw:commentRss>https://arstechnica.com/security/2024/08/novel-technique-allows-malicious-apps-to-escape-ios-and-android-guardrails/feed/</wfw:commentRss> <slash:comments>5</slash:comments> </item>