Welcome, Guest. Please login or register.

Author Topic: Google pulls dozens of fake security apps which secretly stole data  (Read 293 times)

0 Members and 1 Guest are viewing this topic.

Offline 1bit

  • STAFF - Technical Expert
  • Must be an Admin?
  • ********
  • Posts: 8749
  • Gender: Male
    • Tech Forum
Quote


Dozens of fake security apps which secretly stole data from users have been discovered on and subsequently removed from Google Play.

Cybersecurity firm Trend Micro found 36 apps on Google Play which "secretly harvested user data, tracked user location, and aggressively pushed advertisements."

It is not known how many people could have downloaded these apps before Trend Micro's researchers informed Google, and they were subsequently removed from Google Play.

Google did not respond to enquiries from Sky News.

Bharat Mistry, principal security strategist at Trend Micro, told Sky News: "Malicious apps are starting to become more common globally as cybercriminals are starting to realise the potential to easily monetise the wealth of sensitive personal information."

Dr Michael Covington, vice president at mobile security company Wandera, told Sky News: "Malicious content on a mobile phone is becoming the new normal.

"We used to see attackers targeting users on desktops with dangerous e-mail attachments or malicious downloads in a browser. On mobile it is far easier to trick the user into downloading a malicious app or tapping on a phishing SMS.

"Mobile malware is up 100% year-over-year and there are no signs of slowing," said Dr Covington. "Further, the severity of mobile malware is up over 400% year-over-year."

An Indian student checks her mobile phone in Mumbai on May 1, 2015. India raised a record USD17.6 billion during intense bidding on a government auction of wireless spectrum recently in one of the world's largest smartphone markets. The new spectrums for traditional voice and faster data services are seen as crucial for companies competing in the cut-throat Indian market, which has around 952 million mobile subscribers, according to figures released by India's telecoms regulator, TRAI. AFP PHOTO
Image:
Fake security apps have been found stealing data from Android phones
The malicious apps that Trend Micro found only targeted Android phones.

"Android tends to have more malware for a variety of reasons.

"For starters, there's the issue of platform diversification. With so many manufacturers building devices that run Android, Google cannot be as stringent with their app reviews. Google is notorious for having a more lax app review process than Apple," said Dr Covington.

"The perception is fake apps are more likely to be prevalent on Android than iOS platforms primarily due to Android's open community and developer platform which allows users to install applications from trusted and untrusted stores easily without little or no modification on the device," agreed Mr Mistry.

"Attackers targeting mobile users don't care what platform their victim prefers. Our research indicates that there are more malicious apps on Android, whereas iOS users are more likely to encounter a phishing attack," said Dr Covington.

Galaxy S8
Image:
Android may have more malicious apps, while iOS users get phished
How to protect yourself?

"First and foremost always use a reputable app store such as Apple's App Store or Google Play," said Mr Mistry.

"Secondly, before downloading an application, look at the developer and make sure that is also from a reputable source, ie do a separate search on the Internet about the developer and the application name to check the reputation of an application.

https://news.sky.com/story/google-pulls-dozens-of-fake-security-apps-which-secretly-stole-data-11197167
PlusNet VDSL Fibre 40/10
BT HomeHub 5B (Broadcom 63168) <---> ECI Dslam (Lantiq M41a)

Offline fudgietheoriginal

  • Full-Time Member
  • ****
  • Posts: 432
"First and foremost always use a reputable app store such as Apple's App Store or Google Play," said Mr Mistry.

"Secondly, before downloading an application, look at the developer and make sure that is also from a reputable source, ie do a separate search on the Internet about the developer and the application name to check the reputation of an application.


Not so sure that the above advice would have helped, if the suspect apps were on google play store in the first place.  ;)

Offline 1bit

  • STAFF - Technical Expert
  • Must be an Admin?
  • ********
  • Posts: 8749
  • Gender: Male
    • Tech Forum
I know each app should be inspected as they are submitted...otherwise whats the point of the "DONT INSTALL FROM UNKNOWN SOURCES" option in the Android phones....same thing really
PlusNet VDSL Fibre 40/10
BT HomeHub 5B (Broadcom 63168) <---> ECI Dslam (Lantiq M41a)

 

Powered by EzPortal
anything