Cryptomining dominates mobile threat landscape
Threat actors are increasingly looking to exploit the popularity and volatility of cryptocurrency in their attacks on mobile devices, according to a new report.
The latest Mobile Threat Landscape report from threat management specialist RiskIQ analyzed 120 mobile app stores and more than two billion daily scanned resources.
An app called Calendar 2 that appeared in the Apple App Store in March began mining the Monero digital currency on user devices. Although the app disclosed this activity and offered users the option to pay fees or to use the app with all advanced features disabled, the developers set mining as the default, which meant users had to opt out rather than opt in. The app described mining as 'free' for the user, which is misleading because of the significant energy and computing costs associated with mining activity. Ultimately, bugs that caused the app to continue mining after users had opted out, and to use excessive CPU, led the developer to pull the app from the store after a short period.
RiskIQ also issued an alert warning of blacklisted apps masquerading as, or associating themselves with, Bitcoin exchanges, Bitcoin wallets, or just 'cryptocurrency' in general. These indicate the rise of digital currencies and their attractiveness as an income stream for both crooks and legitimate businesses.
Overall, though, the report shows that malicious mobile apps continue to decline, despite the increased number of apps observed by the company. In Q1, 21,948, or 1.4 percent, of the total of 1,508,825 newly observed apps were blacklisted, which is a lower percentage than in the previous four quarters.
The report's authors conclude:
Users should be discerning and skeptical when downloading anything and have passive protection such as antivirus software along with regular backups. Watch out for malicious apps mimicking reputable, highly downloaded apps. There is a persistent problem of lookalike apps. This tactic is effective because our brains recognize and make instantaneous judgments about visual stimuli. So, when you see an app with the same logo as that popular encrypted messenger, it is easy to choose it without noticing that the name has a trailing period that should not be there.
You can find out more in the full report, which is available from the RiskIQ website.