Malicious and imitation apps continue to proliferate – so how can your organisation stay safe?
It has been a tough quarter when it comes to application security, according to RiskIQ’s latest mobile threat landscape report, with an increase in malicious apps flooding the marketplace, new mobile botnets, and imitation and trojan apps making it through official app store borders.
The report, which analysed 120 mobile app stores and more than two billion daily scanned resources, found that Google’s percentage of malicious apps fell to a low of 4% this quarter, having been at 8% in Q2. Yet this still equates to almost 10,000 apps blacklisted this quarter. Compare this to 9Game.com, a secondary app store, whose overall number of blacklisted apps nudged 5,000 but represented more than 95% of its total figure.
Perhaps the biggest malicious product we saw in the most recent quarter was WireX, affecting at least 70,000 Android users worldwide, which was spotted and eventually foiled by a variety of security experts, from RiskIQ to Akamai, Cloudflare, Google and others) through ‘extraordinary collaboration’, as the report puts it.
In terms of imitation apps, the advice is clear: even if it appears in an official store, it does not mean you can automatically trust it. “Until consumers can trust the software dispensed from sources that should be reliable, people will continue to install things like WhatsApp imitators that turn their phones into attack platforms targeting any network at which the command and control server points them,” the report notes.
As a result, RiskIQ goes through the tell-tale signs if an app is malicious. “Before downloading an app, be sure to take a look at the developer – if it’s not a brand you recognise or has a strange appearance or spelling, think twice,” the report notes.
“Make sure to take a deep look at each app,” it adds. “New developers, or developers that leverage free email services for their developer contact, can be enormous red flags. Poor grammar in the description highlights the haste of development and the lack of marketing professionalism that are hallmarks of mobile malware campaigns.”
“Securing the mobile app ecosystem continues to be a challenge for app stores of all sizes, but efforts to improve version control, monitor for abuse, employ verification techniques, and offer security education can help,” said Mike Wyatt, director of product operations at RiskIQ. “Tracking the use of brand names and likeness is an equally daunting challenge for corporations. Brands should evaluate and implement solutions that constantly monitor their digital footprint online and in mobile app stores.”
You can read the full report here (email required).
- » New York cybersecurity fund shows importance of investing in people rather than technology
- » How to safely navigate the world of open source languages
- » Is there room left for privacy in the digital world?
- » The insider threat: Making user errors a thing of the past
- » Apple and Salesforce strike enterprise app strategic partnership