By impersonating brands and fooling consumers, malicious mobile apps are on the increase, according to digital threat management leader RiskIQ in its latest Q3 mobile threat landscape report.
Apps available outside of official stores are most likely to be malicious. Google’s percentage of malicious apps decreased to a low of four percent in Q3 after reaching a high of eight percent in Q2. However, one of the most prolific creators of malicious apps worked exclusively in the Play store.
Secondary store AndroidAPKDescargar more than doubled its number of malicious apps to 20,907, making up about one-third of its total app count in Q3. RiskIQ researchers conclude that some stores are being created and pumped up with huge numbers of malicious apps in short order. They speculate that this could be in concert with a particular campaign or to make detection of known bad stores more difficult.
Imitating other well known and popular apps is a popular tactic. The report finds that antivirus, dating, messaging, and social networking apps are favorite targets for this game. The Google Play store, in particular, is fertile ground for these attacks. Querying RiskIQ data for apps in the Play store since the start of Q3 containing 'WhatsApp' -- and excluding any from the official WhatsApp developer -- returned 497 entries. The same query for Instagram returned 566 entries.
Q3 also saw the emergence of a massive mobile botnet attack, known as WireX, affecting around 70,000 Android users globally. Around 300 apps tied to WireX were identified in total, a subset of which was found in official app stores. Google moved to block these apps and to remove them from all Android devices. The apps masquerade as media and video players, ringtones, and storage managers. Once installed, they activate hidden functionality to communicate with command and control servers and launch attacks, whether the app is in use or not.
"Securing the mobile app ecosystem continues to be a challenge for app stores of all sizes, but efforts to improve version control, monitor for abuse, employ verification techniques, and offer security education can help," says Mike Wyatt, director of product operations at RiskIQ. "Tracking the use of brand names and likeness is an equally daunting challenge for corporations. Brands should evaluate and implement solutions that constantly monitor their digital footprint online and in mobile app stores."
The full report is available to download from the RiskIQ website.