App stores tasty target for crooks
A growing number of products raises the chance of something nasty sneaking through
Last week, I wrote about New Zealand businesses taking advantage of the global reach and enormous markets app stores serve up, rather than building it up from scratch.
It wouldn’t be the internet if there wasn’t a flipside to that and there is: digital criminals are attracted to app stores as well, to distribute malware, adware and other bad stuff like illicitly snagging personal user information.
Wait a moment, aren’t app stores supposed to vet what’s in them, and make sure that whatever users download is safe and secure?
That’s very true, and it forms a major part of the attraction for the bad guys: whereas laptop and desktop operating systems will warn users that certain files could be dangerous and harmful, that doesn’t happen on smartphones and tablets.
App stores are trusted sources of digital content and programs, and users automatically assume that anything in them will be safe to download and use.
There’s no need for social engineering through phishing, or digitally carpetbombing users when they’re nicely concentrated and accessible in app store walled gardens ready to be attacked.
Furthermore, mobile devices can, and often do, contain far more valuable data than laptops and desktops. Almost everyone keeps personal conversations, pictures, videos, banking stuff and logins to everywhere on their smartphones and tablets.
It’s easy to see why bad people want to get their wares into those walled gardens that people trust to be safe.
Getting past the security measures and vetting by the app stores requires serious deception and coding skills that few malware writers posses.
They are getting through the protections though: this month, a variant of the BankBot trojan horse malware for Android devices was discovered in Google’s Play store by a security vendor.
BankBot tries to steal your mobile banking and credit card details. The enhanced variant contains many new overlay screens to trick users into thinking they are logging on to their financial institutions when instead the malware is sending their usernames and passwords to attackers.
Google has removed the Funny Videos 2017 app from its Play Store but how did the malware get in there? BankBot was first spotted in January and shouldn’t be back just months after — even if the malware author obfuscated the code.
The “MilkyDoor” malware is a similar story: it started off as “DressCode” or SOCKSbot, which was found last September. Someone’s now taken the code for DressCode and added nasty features to the malware which is now named MilkyDoor.
MilkyDoor was found embedded into 200 apps on Google Play, one of which had seen up to a million installations. The malware targets businesses via bring your own device (BYOD) users, and could be used to attack assets on internal corporate networks, researchers believe.
This could include information theft, but also destroying databases or holding them to ransom as has happened recently.
Those many apps infected with MilkyDoor, the big download numbers and the malware, like BankBot, being a derivative of an older variant, means it’s time to take the notion of app stores being totally safe with a grain of salt.
Apple has had a good run with its App Store when it comes to security, but iPhone and iPad users too have been hit in the past.
Uber was recently given a clout around the ears by Apple boss Tim Cook for “fingerprinting” iDevices, or giving them unique identifiers that persisted even after the ridesharing company’s app had been uninstalled.
There’s no reason to think that Google and Apple are doing things wrong, and have become bad at detecting malware; quite the opposite. Both learn from mishaps, and improve their app store defences constantly, and add protective measures to their operating systems as well. You are most likely much more safe using programs from closed app stores than those from anywhere else.
They won’t ever be perfect however at detecting every single bad thing, and with an ever-growing number of apps in Google and Apple’s stores, the chance of something nasty sneaking through will increase. Be careful what apps you download and install, in other words, and keep that smartphone up to date.
Getting past the security measures and vetting by the app stores requires serious deception and coding skills that few malware writers posses.