Security researchers have discovered a new Android banking trojan they named Brokewell that can capture every event on the device, from touches and information displayed to text input and the applications the user launches.

  • GenderNeutralBro@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    3
    ·
    6 months ago

    Doesn’t it require jumping through a ton of hoops to install apks from unknown sources on modern Android? How many people are A) capable of doing this, and B) naive enough to actually do it?

    That said, I don’t use Chrome so I’ve never seen that incredibly shady-looking real update notification they showed in the article. If Google has indeed trained users to expect and accept something like that, then shame on Google. I can’t blame users for thinking the fake one is legit. It looks very similar (and it seems like it would be trivial to make it look 100% identical). But still, how does the apk actually get installed?

    • tjhart85@kbin.social
      link
      fedilink
      arrow-up
      6
      ·
      6 months ago

      When I installed fdroid from their website a month or two back it was like 2 or 3 clicks. Then whenever I want to install anything from there it’s an extra click or two over what it would be from Play.

      I’ve seen people click through way more complicated processes than this without even knowing they did it. Modern computing has taught people to just keep hitting whatever the approval text is (yes windows, I really do want to copy all of these god damn files. Yes, really, I still do! Yep, again, ALL of them!)

    • SqueakyBeaver@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      6
      ·
      6 months ago

      The only hoops are

      1. Try to install APK, popup appears
      2. Press “go to settings” or whatever
      3. Enable toggle
      4. Possibly try to install APK again if the installation prompt doesn’t automatically appear
      • Victor@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        6 months ago

        Most of the people I know that aren’t tech savvy are at least smart enough to be aware of that fact, so they would already hesitate at 2. The real dangerous people are the confident ignoramuses.