Hackers piggybacking off legitimate apps to install mobile malware

If you were desperate for another round of Flappy Bird and downloaded a clone of it after the game’s creator took the original down, you may have downloaded malware as well, according to a report released this week.

In a new study from McAfee Inc., researchers found that, out of a sample of 300 Flappy Bird clones, nearly 80 per cent contained malware. Essentially, cybercriminals knew a good thing when they saw it, latching onto Flappy Bird’s huge popularity to put malware onto users’ smartphones.

The malware gave criminals a number of capabilities: making calls without permission; sending, recording, and receiving text messages; taking data out of users’ contacts; and tracking users’ geolocation data. And in some cases, the malware allowed hackers to gain root access – meaning they could get any data they wanted from the phone, including confidential data.

These findings weren’t the only thing McAfee released in their study. Each quarter, McAfee releases a report highlighting top threats – and for this quarter, cybercriminals weren’t just using Flappy Bird to ensnare users. They’ve been taking advantage of users looking for legitimate mobile apps and services since at least the beginning of 2014, especially when it comes to mobile malware. Compared to 2013, there’s been a 167 per cent jump in the number of mobile malware samples, and in the first quarter of 2014 alone, McAfee managed to collect more than 3.5 million samples of mobile malware.

Most of the malware samples McAfee researchers examined try to steal personal data or to send premium SMS messages by using standard platform application programming interfaces (APIs).

For example, researchers found an app called Android/BadInst.A in the Google Play app store. It automatically downloads and launches other apps, overriding the need for the user to give permission. The app uses a standard Android framework API called AccountManager, and it “talks” to the Google Play server using the authorization tokens without official permission.

Then there’s Android/Waller.A, a Trojan that exploits a vulnerability in the Visa QIWI digital wallet service. Disguised as an Adobe Flash Player update or some other app, the malware looks for a digital wallet account and checks whether there is any money in the wallet. If there is, it transfers the money out to the hacker’s server. All of this happens without authentication.

Nor are messaging apps immune. WhatsApp is one of the most popular messaging apps out there, and cybercriminals have caught onto this. McAfee researchers also found the Android/Balloonpopper.A Trojan, which exploited a weakness in the way WhatsApp encrypts its users’ messages.

When users downloaded a game app called BalloonPop, they also installed malware that would exploit the flaw in WhatsApp’s encryption. The malware allowed hackers to steal conversations and pictures, later decrypting them and putting them on the hackers’ site for the entire world to see. WhatsApp has since fixed the flaw.

However, there’s still a lesson to be learned here – developers need to protect their apps and services so that cybercriminals can’t use them to attack users, McAfee researchers wrote in their report. Plus, app stores have a responsibility to make sure only authenticated and authorized client apps are allowed to get access to data, which is especially true when the apps deal with banking, payments, and other kinds of data that involve financial transactions.

And of course, users seeking to protect themselves need to ensure they’re not giving away too many permissions when they download and install a new app. They should also be sure to update their apps as required, as the updates may include patches to security flaws.

For the full report, head on over here.

Candice So
Candice is a graduate of Carleton University and has worked in several newsrooms as a freelance reporter and intern, including the Edmonton Journal, the Ottawa Citizen, the Globe and Mail, and the Windsor Star. Candice is a dog lover and a coffee drinker.