Mal­ware apps can in­vade your mo­bile de­vices

Banking Frontiers - - Reading Habits -

Mo­bile de­vices are in­creas­ingly be­com­ing sub­ject to ma­li­cious ac­tiv­ity and mal­ware apps are be­ing pushed into phones, tablets, or other de­vices run­ning An­droid and IOS, points out the SophoLabs 2019 Threat Re­port. It says for some time ma­li­cious ver­sions of pop­u­lar apps were pre­dom­i­nantly found at third-party app stores. “Con­ven­tional wis­dom (and in fact, our rec­om­men­da­tion) is to use the le­git­i­mate app stores, but even this ad­vice may not be enough to pro­tect you from un­wanted apps,” says the study.

The study says al­though both Google and Ap­ple of­fer a closed ecosys­tem for app dis­tri­bu­tion, and ac­tively scan new­lyu­ploaded apps for snip­pets of code known to be ma­li­cious, their meth­ods are not per­fect. “Ma­li­cious app de­vel­op­ers have been gam­ing the sys­tem for years, and their

ma­li­cious apps do ap­pear in the Google Play Mar­ket and Ap­ple App Store,” it adds.

The study main­tains that the An­droid plat­form has long been a more pop­u­lar tar­get for ma­li­cious app-mak­ers. The open na­ture of the plat­form and low barriers to en­try for de­vel­op­ers has long been a dou­ble-edged sword, mak­ing it eas­ier to get apps built and func­tional. There are Tro­jan apps that steal bank­ing cre­den­tials and pass­words for other ser­vices, in­clud­ing email, in­ter­cept and send SMS mes­sages, ex­fil­trate the owner’s con­tact list and even cryp­tocur­rency min­ers per­versely dis­guised as bat­tery sav­ing util­i­ties (when, in fact, run­ning a cryp­tominer is the most bat­terycon­sump­tive thing you could do with a phone), adds the study.

The study identifies some of the un­usual ma­li­cious cam­paigns af­fect­ing the An­droid plat­form as Phish­ing-in-the-app, which was mar­keted as bank ac­count man­age­ment tools; Sup­ply chain com­pro­mise, a Tro­janized ver­sion of a le­git­i­mate app that had been included in the fac­tory firmware from a small mo­bile phone man­u­fac­turer and shipped to cus­tomers on brand new phones; Cryp­tominer code in games or util­i­ties, which would run whether or not the app itself was run­ning, and func­tioned as a con­stant drain on the phone’s (or other de­vice’s) bat­tery. Cryp­tomin­ers also put strain on pro­ces­sors by re­peat­edly run­ning com­plex math­e­mat­i­cal op­er­a­tions; and Ad­ver­tis­ing click­fraud em­bed­ded in apps, which are sur­pris­ingly, one of the most prof­itable crim­i­nal en­ter­prises right now.

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.