Cybercriminals target shopping apps ahead of Black Friday

A new report from attack surface management company RiskIQ shows attackers will leverage popular brands and unsafe consumer shopping habits in the run up to the peak holiday shopping period.

Of all apps that can be found by searching for terms related to holiday shopping, 951, or two percent, are blacklisted as malicious -- a 20 percent increase.

The top-10 most trafficked sites over Thanksgiving weekend have a combined total of 6,353 blacklisted apps that contain their branded terms in the title or description.

Consumers are lured by the chance of a good deal though, 72 percent of respondents to the survey say they would download a shopping-related app if it offered a substantial discount. Yet, more than 58 percent of consumers say they do not check who the developer is before downloading an app. And 77 percent of respondents say they would purchase with a retailer they've never shopped with before if they offered a steep discount.

Also worrying is that almost a third of respondents say they are only somewhat vigilant or not vigilant when entering payment information online.

"This year's bad holiday actors will capitalize by using the brand names of leading e-tailers, as well as the poor security habits of consumers," says RiskIQ threat researcher Jordan Herman. "They'll fool shoppers looking for Black Friday deals, sales, and coupons by creating fake mobile apps and landing pages."

RiskIQ detected 65 incidents of domain infringement across the top-10 most trafficked sites on Black Friday weekend. There were also more than 11,000 new hostnames containing 'Black Friday', 'Cyber Monday', 'Boxing Day', or 'Christmas', with over 180,000 blacklisted URLs containing these terms.

The full report is available from the RiskIQ site.

Photo credit: mtkang / Shutterstock