Trend Micro has found 375 examples of mobile malware apps with World Cup lures, detailed in a 12 June blog by mobile threats analyst Veo Zhang, who warns that the apps are “lurking” in unauthorised/third-party app download stores, with most of them being variants of prevalent mobile malware families.
The discovery follows hot on the heels of attacks on World Cup sponsors and Brazilian government websites by hacktivist group Anonymous, and numerous phishing scams targeting fans.
The malware families found by Trend include App Fakery (ANDROIDOS_OPFAKE.CTD) and SMS Stealer (ANDROIDOS_SMSSTEALER.HBT). App Fakery mimics popular mobile World Cup apps and, once installed, can subscribe the victim to premium services and steal data such as their contact list and messages.
SMS Stealer works in a similar way but can also block SMS messages, send unauthorised messages and download extra malware from its command and control server.
David Sancho, senior anti-virus researcher at Trend Micro, told SCMagazineUK.com via email: “Fakery and SMS stealers are generic names for apps that fake other apps - with added malicious content - and have C&C capabilities and SMS interception.”
Other threats found by Trend include a new Trojan variant of App Fakery that charges users exorbitant fees for premium services they never actually used, and a World Cup slot game betting app (ANDROIDOS_MASNU.HNT) that filters payment confirmation messages so users don't realise how much money they've actually spent playing the game.
Zhang added: “Besides these malware, we also found quite a few high-risk apps also themed after the World Cup. Most, if not all, sport some sort of information theft routine, as well as pushing ad notifications/unwanted app advertisements.”
The revelations come the day after SCMagazineUK.com reported Anonymous has mounted a series of DDoS and website defacement attacks on sites run by World Cup sponsors and the Brazilian Government. The sponsors included Adidas, Budweiser, Coca-Cola, McDonald's, Sony and Visa.
They also follow numerous reports of World Cup-themed phishing scams in the run-up to the tournament – all of it threatening to overshadow the party started when Brazil won their opening match against Croatia 3:1 on Thursday.
But independent security consultant and cyber crime expert Adrian Culley, a former detective in Scotland Yard's computer crime unit, said these sorts of attacks have to be expected.
“We saw a range of concerted attacks at the UK Olympics two years ago, and it is no shock we are now finding World Cup-related cyber crime particularly aimed at Android and iOS phone users,” he told SC via email.
“The focus of major sporting events, quite rightly, should be entertainment and enjoyment. But sadly there is no shortage of criminals who seek to exploit this, seeking profit whilst people's guard may be down. These large events are highly attractive to criminals using social engineering techniques coupled with cyber know-how.”
Trend's Zhang advises: “While it may be a fact of life that big sporting events will inevitably have some sort of cyber criminal attack or campaign following close behind, being a victim of them isn't. Users are reminded not to download anything from third-party app download sites, and to utilise mobile security solutions in order to keep their mobile devices secure.”
Culley echoed this, saying: “People should be wary of unauthorised apps - though don't miss out on the many excellent authorised ones. Also take special care to check for unauthorised transactions in any account you have associated with the purchase of online gaming credits, such as iTunes. As ever, always be careful what you click on. Avoid unofficial apps connected with the event.”
Meanwhile Carl Herberger, VP of security solutions at security firm Radware, told SC via email: “All eyes are on the World Cup and as there is a fervour from those who wish to be part of this global event, it has become a target-rich environment to spread malware to an extremely large and global audience. Fans who download apps or visit World Cup-related websites need to exercise extreme caution by visiting secured or trusted sources.”