Malware apps can invade your mobile devices
Mobile devices are increasingly becoming subject to malicious activity and malware apps are being pushed into phones, tablets, or other devices running Android and IOS, points out the SophoLabs 2019 Threat Report. It says for some time malicious versions of popular apps were predominantly found at third-party app stores. “Conventional wisdom (and in fact, our recommendation) is to use the legitimate app stores, but even this advice may not be enough to protect you from unwanted apps,” says the study.
The study says although both Google and Apple offer a closed ecosystem for app distribution, and actively scan newlyuploaded apps for snippets of code known to be malicious, their methods are not perfect. “Malicious app developers have been gaming the system for years, and their
malicious apps do appear in the Google Play Market and Apple App Store,” it adds.
The study maintains that the Android platform has long been a more popular target for malicious app-makers. The open nature of the platform and low barriers to entry for developers has long been a double-edged sword, making it easier to get apps built and functional. There are Trojan apps that steal banking credentials and passwords for other services, including email, intercept and send SMS messages, exfiltrate the owner’s contact list and even cryptocurrency miners perversely disguised as battery saving utilities (when, in fact, running a cryptominer is the most batteryconsumptive thing you could do with a phone), adds the study.
The study identifies some of the unusual malicious campaigns affecting the Android platform as Phishing-in-the-app, which was marketed as bank account management tools; Supply chain compromise, a Trojanized version of a legitimate app that had been included in the factory firmware from a small mobile phone manufacturer and shipped to customers on brand new phones; Cryptominer code in games or utilities, which would run whether or not the app itself was running, and functioned as a constant drain on the phone’s (or other device’s) battery. Cryptominers also put strain on processors by repeatedly running complex mathematical operations; and Advertising clickfraud embedded in apps, which are surprisingly, one of the most profitable criminal enterprises right now.