ThreatList: Google Play Nine Times Safer Than Third-Party App Stores

potentially harmful applications” (PHAs) installed. Also, the first three quarters in 2018 averaged an even lower PHA rate, of 0.08 percent. In comparison, in the first three quarters of 2018, 0.68 percent of devices using third-party app store were affected.

The security of devices that installed apps from outside of Google Play has improved however: In 2017, 0.82 percent of these devices were affected by PHAs.

The data also shows that newer versions of Android are less affected by PHAs.

“We attribute this to many factors, such as continued platform and API hardening, ongoing security updates, and app security and developer training to reduce apps’ access to sensitive data,” said Jason Woloz and Eugene Liderman of the Android Security & Privacy Team, in a post on Thursday. “In particular, newer Android versions—such as Nougat, Oreo and Pie—are more resilient to privilege escalation attacks that had previously allowed PHAs to gain persistence on devices and protect themselves against removal attempts.”

Geographically, PHA rates in the 10 largest Android markets have remained steady on average. However, some points stood out: India saw the most significant decline in PHAs present on devices, with the average rate of infection dropping by 34 percent. Indonesia, Mexico and Turkey also all saw a decline in the likelihood of PHAs being present on devices in the region. South Korea saw the lowest number of devices containing PHAs, with only 0.1 percent.

“Since 2017, we’ve reduced [the number of devices infected with PHAs] by expanding the auto-disable feature,” Woloz and Liderman noted. The auto-disable feature flags potential malware and requires user action to continue the installation. “While malware rates fluctuate from quarter to quarter, our metrics continue to show a consistent downward trend over time.”

StrongPity APT Changes Tactics to Stay Stealthy

After being exposed, the APT made minor adjustments in their tactics to stay off the security radar.

ThreatList: 3 Out of 4 Employees Pose a Security Risk to Businesses

Finance-sector employees fared the worst in an awareness survey, with 85 percent showing some lack of cybersecurity and data privacy knowledge.

Podcast: A Utility Ransomware Attack, Post-Hurricane

What are utility and power companies, and federal agencies, doing to ready themselves for potential ransomware attacks? Threatpost discusses.