Why would malware distributors want an infected app on your smartphone? There are two fundamental reasons: money and information. Countless apps out there never come with a malicious sting. So how do they stay free of infection, and how does malware get into an app in the first place?
Infected apps everywhere
A study published as part of the ANDRUBIS project in 2014 looked at one million Android apps (precisely 1,034,999). The sampled apps came from a wide range of sources, including unofficial marketplaces, torrents, and sources where pirated apps are known to be available (as well as the Google Play Store).
Of the 125,602 apps sampled from the Google Play Store, 1.6 percent were malicious (that’s 2,009).
Unfortunately, data on malicious apps in the App Store is scarce. There are several well-documented cases of malicious app activity on iOS devices. But (and this is a major selling point for iOS) they are minimal compared to their Android counterparts. Take these two contrasting figures. The 2015 Mobile Threat Report from Pulse Secure estimated that 97 percent of all mobile malware is written for Android. The 2017 F-Secure State of Cyber Security report raises this figure to 99 percent. Then consider that in 2013 the U.S. Department of Homeland Security estimated that only 0.7 percent of mobile malware was written for iOS. The two major mobile operating systems have contrasting fortunes.
How apps get infected
Who do you think infects an app? The app's maker? Criminal gangs? Dishonest individuals? Maybe even the government? Well, in some ways, they're all correct.
The most obvious is the rogue developer: an individual who designs apps with malicious capabilities and offers them on the Play Store (or an equivalent). Fortunately for you and me, there aren’t many of these people.
That’s probably for one reason: the amount of effort needed to develop, launch, and build up an app only to then turn it malicious is … well, too damn high. By the time the app became popular enough to truly profit from (be it through ad clicking or data theft), the malicious developer might well be making more revenue from advertising.
Far more commonly, we see malicious code inserted into an existing app, which is then republished. A number of different techniques are used in this process.
App republishing
Malware authors infect legitimate apps downloaded from an official app store. The apps are then republished in a litany of app stores (legally or otherwise) using their official name.
Small variations in the app name are a key feature of app republishing. Instead of Microsoft Word (the official Microsoft release), it will be Microft Word. Okay, that’s an awful example, but you get the gist.
The Android ransomware Charger used this tactic, as did the malvertising malware Skinner (among other tactics).
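A store operator or a device-management team can screen listings for this naming trick. The sketch below is an added example, not code from the original article: the listings, publisher names and the 0.25 distance threshold are constructed assumptions, and it compares each listing's normalized name and publisher against a reference of official apps.

```python
# Added example: flag listings whose names imitate a known official app.
import unicodedata

# Constructed reference data: official app name -> official publisher.
OFFICIAL = {"Microsoft Word": "Microsoft Corporation"}

# Constructed store listings (name, publisher) for the demonstration.
LISTINGS = [
    ("Microsoft Word", "Microsoft Corporation"),  # genuine listing
    ("Microft Word", "Free Office Apps"),         # the article's lookalike
    ("Micr0soft W0rd", "Free Office Apps"),       # digit substitution
    ("Weather Radar", "Sky Tools"),               # unrelated app
]

def normalize(name):
    """Fold case, accents, digit look-alikes and separators before comparing."""
    text = unicodedata.normalize("NFKD", name).casefold()
    text = "".join(c for c in text if not unicodedata.combining(c))
    text = text.translate(str.maketrans("013457", "oleast"))
    return "".join(c for c in text if c.isalnum())

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(name, publisher, max_ratio=0.25):
    """Return 'official', 'impersonation', 'lookalike' or 'unrelated'."""
    near_miss = False
    for real_name, real_publisher in OFFICIAL.items():
        a, b = normalize(name), normalize(real_name)
        dist = edit_distance(a, b)
        if dist == 0:  # same name once look-alike characters are folded
            return "official" if publisher == real_publisher else "impersonation"
        if dist / max(len(a), len(b)) <= max_ratio:
            near_miss = True
    return "lookalike" if near_miss else "unrelated"

def scan(listings=LISTINGS):
    """Classify every listing; returns (name, publisher, verdict) tuples."""
    return [(n, p, classify(n, p)) for n, p in listings]

if __name__ == "__main__":
    for row in scan():
        print(row)
```

The threshold trades false positives against misses: short app names need a stricter ratio, because a single changed letter is already a large fraction of the name.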
From time to time, a legitimate developer will sell their valuable app. The users come along with the app, and so does the ability to push trusted updates to existing users.
There are no documented cases of this particular attack method yet. However, it is not uncommon for popular app developers to receive acquisition requests. There are similar occurrences with Chrome extensions. A popular Chrome extension with thousands of users and permission to access user data is a real goldmine. The developers of Honey, an auto-coupon extension, turned the malicious individual down.
Amit Agarwal’s experience was completely different. He sold his Chrome extension to an unknown individual, only to find that the next app update (out of his hands) “incorporated advertising into the extension.” His work, which in his own words took only an hour to produce, had become a vehicle for advertising injection.
Do Apple or Google help?
As owners of the largest and most popular app repositories, the technology giants have a responsibility to protect their users. For the most part, they do. Malicious apps infesting their stores harm their users as well as their reputation. But one company leads the way.
Without a doubt, Apple is ahead when it comes to protecting iOS users from malicious apps. Creating an app and uploading it to the App Store is more complex, requiring multiple checks and sign-offs before it hits the storefront. Moreover, an iOS app has a smaller range of devices to cater for, across a smaller range of operating system versions. As such, standards are generally higher than those of Android.
Google has had to work hard to reduce the number of malicious apps featured in the Play Store. With its reputation at risk, Google introduced Play Protect, a “safety blanket for your mobile device.” Play Protect actively scans your device for malicious applications. It also constantly scans the Play Store itself for malicious applications, suspends developers, and removes the offending material.
While Google and Apple are working together to keep our devices free of malware, malware authors are trying to avoid detection. Irritating, but understandable.
There are some common ways for an attacker to hide their malicious code:
- Downloading the malicious code after installation.
- Hiding the malicious code among the “clean” code.
- Adding a time delay, or instructing the app to wait, before the payload is downloaded or deployed.
- Relying on delivery from an external source (e.g. malvertising).
- Masking the malicious app within a different medium.
As you can see, there are many ways of keeping a malicious app, or malicious code within an app, hidden from users (let alone from the app store they download it from).
Steer clear of mobile malware
There are a number of ways that malicious code can enter an app, as you’ve seen. In addition, malicious actors have several methods at their disposal to keep malicious code out of view until it is deployed to your smartphone.
So how can you avoid downloading a malicious app?
- Download apps only from official app stores …
- … and avoid third-party stores.
- Check that you are downloading from an app developer that is official or reputable.
- Read app reviews. They’ll give you the information you need.
- Keep app verification tools switched on at all times.
- Don’t be fooled by free app offers.
- Keep your phone up to date!
There are plenty of malicious apps out there, particularly if you use an Android device. But you and your device will stay in good health by understanding the threats and sticking to our quick tips.
Have you encountered mobile malware? Which variant did you experience? What happened to your smartphone? Were you using an Android or an iOS device? Let us know about your mobile malware experiences in the comments below!