Malicious Android apps downloaded 'over 2 billion times', report claims

Proofpoint's new report shows that malicious androids apps were downloaded two billion times and explains how attackers are not targeting systems but the humans behind them.

Proofpoint's new report labels Android OS as a big target for attackers
Proofpoint's new report labels Android OS as a big target for attackers

Proofpoint's "human factor" report, which collects data from customers around the world,  has shown that people were happy to download malicious apps for Android over two billion times.

The report notes that “malicious apps are an attractive vector for attackers. Unlike email-based campaigns, which rely on spam messages to millions of users, an app placed in a single store can reach millions of potential users.”

Android takes up by far the largest market share of any smartphone operating system - 81 percent according to Gartner - providing attackers with a vast space to attack.

Most popular among these malicious apps are games and entertainment applications, often cloned versions of real, more popular apps which charge for downloads.

Furthermore, mobile apps from 'rogue' marketplaces affect nearly half of enterprises, according to the report. Forty percent of the enterprises that ProofPoint researchers looked at had malicious apps from these so called rogue marketplaces.

Many of these rogue marketplaces work for users whose phones haven't even been jailbroken, and users who download apps from here are four times more likely to download a malicious app.

The report's other findings include the fact that people, not automated exploits, are now attackers' favourite entry tactic: nearly 100 percent of attachment-based campaigns relied on social engineering to attack.

Continuing that trend towards attacking the human as opposed to the technology, phishers morphed their tactics in new and interesting ways.

Nearly three-quarters of the URLs used in phishing attacks sent the unfortunate user to credential phishing pages as opposed to ones loaded with malware.

The most effective phishing lures were links that share files and images from sources like Google Drive, one of the world's most popular office apps. The report notes, "Phishing emails that use these brands are more likely to succeed at tricking the user into clicking, especially if the victim receives the message from someone in their contacts list. These brand lures are effective because these services are familiar, and the user is used to clicking to sign in to view shared content."

Whaling, or the rich man's phishing, also proved popular among the ill-intentioned. Whaling involves phishing someone within an organisation with access to bank accounts, and then conning that person, under the guise of a trusted colleague, into transferring large amounts of cash into the attacker's bank account.

Attackers are also honing their techniques, timing their assaults to the points of the day when their targets are busiest and least suspicious. Attacks through social media were launched at times when social media traffic was highest and phishing emails were timed to arrive in inboxes as people were getting into offices. 

While email kept its place as the number one favourite attack vector, customer service account phishing is growing fast. Attackers will create a fake social media account for the customer service section of a trusted brand and coax gullible customers into handing over their credentials.

The report notes, "Distinguishing fraudulent social media accounts from legitimate ones is difficult: we found that 40 percent of Facebook accounts and 20 percent of Twitter accounts claiming to represent a Fortune 100 brand are unauthorised. For Fortune 100 companies, unauthorised accounts on Facebook and Twitter make up 55 percent and 25 percent of accounts, respectively."