Mobile security: There’s a bad app uprising

In June, a report found a near 15% increase in blacklisted mobile apps that have been deemed dangerous by experts. This increase came after nine month of decline. The findings were part of an analysis by security firm RiskIQ, which analyzed more than two million new apps and more than 120 mobile app stores available worldwide.

Interestingly, the number of blacklisted apps in the Google Play Store dropped for the second consecutive quarter and has fallen nearly 64% since the third quarter of 2018. During the fourth quarter of 2019 and the first quarter of this year, the firm found about 38,000 apps offered by Google that were blacklisted. Not an insignificant number of rogue and risky apps, but also a small number when compared to the pool of available applications.

Cloud Native Now

How does RiskIQ define blacklisted apps? According to the company, blacklisted apps are those apps found on at least one blacklist, such as VirusTotal. A blacklist hit from VirusTotal shows that at least one vendor has flagged the file as suspicious or malicious. The percentage of blacklisted apps relative to the total number of apps known by RiskIQ increased to nearly 2%, a .9% increase over Q4 2018, the firm said.

Many of the mobile attacks last year, such as credit card stealing malware Magecart, managed to wreak havoc on retailers. And, as always, Trojan horse apps — those apps that pretend to be something that they are not and turn out to be malicous — are common. Currently, those apps often take the form of a cryptocurrency exchange service or cryptocurrency wallet.

What’s the advice to stay safe?

“Users should be discerning and skeptical when downloading anything and have passive protection such as antivirus software along with regular backups. Watch out for malicious apps mimicking reputable, highly downloaded apps,” wrote RiskIQ. “There is a persistent problem of lookalike apps. This tactic is effective because our brains recognize and make instantaneous judgments about visual stimuli. So, when you see an app with the same logo as that popular encrypted messenger, it is easy to choose it without noticing that the name has a trailing period that should not be there,” the firm added.

Users should also check their app permissions, regularly, the firm added, so make sure that apps can’t do more than they should be able. While antivirus software can help, especially when it comes to known malicious code, RiskIQ advised backups being the best defender. “If you find you have installed an app that spams you with links or tries to force downloads—or it turns out to be a lookalike or disappears after installation or one use—having regular, recent backups lets you wipe the phone and restore it to a safe state,” the company wrote.

*** This is a Security Bloggers Network syndicated blog from Cybersecurity Matters – DXC Blogs authored by Cybersecurity Matters. Read the original post at: