Playing Trick and No Treat with Malicious Apps
Mobile applications are no just limited to smartphones; the app ecosystem has expanded its wings to watches, laptops, televisions, and other devices in our lives. Whether it is Google Play Store or Apple App Store, there are millions of apps available for free download. However, many of these free apps come with several security risks.
One of the major risks revolves around threat actors creating imposter apps to launch malware, stalk users’ activities, or access personal information. Here’s a look at such recent events:
- At the end of September, researchers spotted 17 Android apps infected with the Joker trojan in Google Play Store. These malicious apps posed as utility service apps to bypass the Google Play vetting process.
- A similar malware operation affecting six apps was spotted in early September. Although Google removed these apps from the Play Store, they scored a total of 200,000 downloads.
- In both the above cases, the ultimate purpose was to steal SMS messages, contact lists, and device information to trick victims into signing up for premium service subscriptions.
- Other than Joker trojan, Cerberus trojan camouflaged as several apps to launch its malicious activities on devices without users being aware of it.
- ZDNet also threw light on a malware activity carried out by seven adware apps from the Google Play Store and Apple App Store. The interesting aspect was that these apps were promoted via TikTok and Instagram accounts.
In addition to the Apple App Store and Google Play Store, there is a big bad world of third-party app stores that are popular among threat actors.
- In one incident, ESET researchers found that the APT-C-23 threat actor group had used a fake Android app store - Digital Apps - to distribute a malware named Android/SpyC23.A. The malware was disguised as Telegram, Threema, and weMessage apps.
- Likewise, samples of the Cerberus trojan are still being distributed via third-app stores.
Along with the incidents of malicious apps, mobile malware is on the rise. Over the years, these malware families have expanded their operations to steal credentials and other sensitive information from several apps. For instance, researchers unearthed a new Alien malware that is capable of harvesting passwords from 226 Android apps, most of them being banking apps.
In a digital era where nothing is safe, being self-aware and vigilant is important to protect your devices and personal information. It is always recommended to download apps from official app stores, as third-party app stores are not as secure. However, sometimes malicious apps make their way into official app stores. Therefore, you must make sure to read reviews before downloading apps. If at all, there is a concern about an app’s security, then avoid downloading it.