Study: Cloned mobile apps on the rise

News by Steve Gold

New research adds fuel to the idea that mobile apps are riddled with malware that abuses the popularity, features and vulnerabilities of legitimate apps and services.

The key problem, according to McAfee's Threat Analysis, published this month, is that clones of legitimate apps cause the most hassle for users - infecting smartphones and allowing the handset to make calls without user permission, install additional apps, exfiltrate contact list data and establish root access for uninhibited control over anything on the device.

This was clearly the case with Flappy Bird - a mobile game which saw a meteoric rise but was later withdrawn by its creator. The report notes that, after sampling 300 Flappy Bird clones, researchers found almost 80 percent of the clones contained malware.

"Some of the behaviour we found includes making calls without the user's permission; sending, recording, and receiving SMS messages; extracting contact data; and tracking geo-location. In the worst cases, the malware gained root access, which allows uninhibited control of anything on the mobile device including confidential business information," reads the report.

It goes on to say that researchers discovered an Android Trojan that exploits a weakness in the encryption method used by the popular messaging app WhatsApp, stealing conversations and pictures stored on the device.

"Although this vulnerability has now been fixed, we can easily imagine cybercriminals continuing to look for other flaws in this well-known app," concludes the analysis.

Interestingly, researchers said they had spotted malware that can steal money from a digital wallet. Disguised as an update for Adobe Flash Player or another legitimate utility app, it can take over a digital wallet to send a money transfer to the attacker's server.

McAfee's analysis seems to confirm Lookout Security's February report - 'Mobile threats, Made-to-Measure' - which made the observation that, not only are attackers viewing mobile as a new avenue to spread malicious code, but that they are also spreading their attacks out by region to maximise profitability and to avoid potential detection.

Delving into the McAfee report reveals that the total malware sample count in the McAfee Labs 'zoo' broke the 200 million count barrier in Q1-2014, growing by 167 percent between Q1-2013 and Q1-2014.

In addition, McAfee says that new suspect URLs set a three-month record with more than 18 million - a 19 percent increase over Q4-2013 and the fourth straight quarterly increase.

"We tend to trust the names we know on the internet and risk compromising our safety if it means gaining what we most desire," said Vincent Weafer, senior vice president for McAfee Labs, adding that developers must become more vigilant with the controls they build into these apps, and users must be more mindful of what permissions they grant.

According to Dan Drummond, a technical consultant with Apadmi, the mobile apps specialist, popular games and apps - like Flappy Bird - will always be rich targets for unscrupulous malware authors, as they only have to fool a small proportion of the users who are looking to download the legitimate app in order to gain a large number of installs.

"This is less of an issue on iOS than it is on Android due to Apple's tightly-controlled submission process, which weeds out many of these clone apps. However Google's Play Store is likely to be safer than many third-party app stores which may not be doing any sort of vetting of apps at all," he said, adding that some of this malware will rely on users not checking the permissions that apps request when installing them.

"Unfortunately in recent weeks Google has made this more difficult, by grouping permissions together, and only showing broad categories when installing apps from the Play Store," he said.

"This means users must be more vigilant than ever, and ensure that they check that the permissions requested are in line with the type of app they are installing," he added.

"This is especially difficult when children have their own devices, and it is important that parents ensure their children are educated on the dangers that exist - and are taught to either check with a parent before installing new apps or games, or to recognise permissions that are dangerous themselves," he explained.

Drummond went on to say that other types of malware will attempt to subvert devices via known and unknown security flaws, and in these cases it is vital that users keep up to date with the latest software updates from their device manufacturers, which will contain fixes for these.

"This advice goes for individual apps too, which may receive updates periodically to fix security holes," he concluded.
