'Mobile malware tactics abuse legitimate apps'
Dubai, June 25, 2014
Mobile malware tactics abuse the popularity, features and vulnerabilities of legitimate apps and services, including malware-infested clones masquerading as the popular mobile game Flappy Birds, said a report.
The McAfee Labs Threats Report: June 2014 highlighted the need for mobile app developers to be more vigilant about the security of their apps and encourages users to be mindful when granting permission requests that criminals could exploit for profit.
The lab found that 79 per cent of sampled clones of the Flappy Birds game contained malware. Through these clones, perpetrators were able to make phone calls without user permission, install additional apps, extract contact list data, track geo-location and establish root access for uninhibited control over anything on the device, including the recording, sending and receiving of SMS messages.
The other examples of trusted mobile app and service features being manipulated for criminal gain include Android/BadInst.A, which abuses app store account authentication and authorisation to automatically download, install and launch other apps without user permission.
It also includes Android/Waller.A, which is a Trojan exploited the flaw in a legitimate digital wallet service to commandeer its money-transfer protocol and transfer money to the attacker’s servers and Android/Balloonpopper.A, which is also a Trojan that exploits an encryption method weakness in the popular messaging app WhatsApp, allowing attackers to intercept and share conversations and photos without users’ permission.
The report also found that that McAfee Labs’ ‘zoo’ of mobile malware samples grew by 167 per cent between the first quarter of last year and this year.
New suspicious URLs set a three-month record with more than 18 million, a 19 per cent increase over Q4 last year, which new malicious signed binaries remain a popular form of attack, increasing by 46 per cent in the first quarter of the year, said the report.
Meanwhile, new threats attacking the master boot record increased by 49 per cent in the first quarter of the year, while ransmware sample counts dropped for three straight quarters and botnet providers included virtual currency mining capabilities with their services, reflecting the increasing popularity of digital currencies such as Bitcoin, it added.
Vincent Weafer, senior vice president for McAfee Labs, said: “We tend to trust the names we know on the internet and risk compromising our safety if it means gaining what we most desire.
“The year 2014 has already given us ample evidence that mobile malware developers are playing on these inclinations, to manipulate the familiar, legitimate features in the mobile apps and services we recognize and trust. Developers must become more vigilant with the controls they build into these apps, and users must be more mindful of what permissions they grant.”
Hamed Diab, regional director in the Middle East, said: “With the mobile malware having started recently to use legitimate apps and services to gain unauthorised and criminal access, we urge the public to be highly alert when downloading games, apps and other downloads even from such "trusted" app stores like the Google Play.
“This can be done by refusing excessive or unfamiliar installation or runtime permission requests. Also by regularly updating apps to fix any security issues, and by avoiding any known unsafe apps.” - TradeArabia News Service