TMCnet News
UPDATE -- Malicious Apps in Global App Stores Increase, Leading to Emergence of WireX Mobile Botnet, RiskIQ's Q3 Mobile Threat Landscape Report Finds

SAN FRANCISCO, Dec. 12, 2017 (GLOBE NEWSWIRE) -- Malicious mobile apps are back on the rise, impersonating brands and fooling consumers, according to digital threat management leader RiskIQ in its Q3 mobile threat landscape report, which analyzed 120 mobile app stores and more than 2 billion daily scanned resources.

In listing and analyzing the app stores hosting the most malicious mobile apps and the most prolific developers of malicious apps, the report documents an increase in blacklisted apps over Q2, as well as the continued issues of imitation and trojan apps in official app stores and the emergence of the massive WireX mobile botnet.

Feral apps and Google Play are main sources of blacklisted apps

Other leading blacklisted app sources

Rounding out the top four, ApkFiles rocketed to a huge number (25,545) in Q1 and then dropped off in Q2 before recovering slightly in Q3. Meanwhile, 97 percent of 9game.com’s 6,052 apps (most of which purport to be games) were flagged as malicious. Based on this data, RiskIQ concluded that some stores are being created and pumped up with huge numbers of malicious apps in short order. The firm’s researchers speculate that this could be in concert with a particular campaign or to make detection of known bad stores more difficult.
One way malicious apps spread is through imitating others that are well known and popular. The report found that antivirus, dating, messaging, and social networking apps are favorite targets for this game. The Google Play store, in particular, is fertile ground for these attacks. Querying RiskIQ data for apps in the Play store since the start of Q3—containing the word “WhatsApp” and excluding any from the official WhatsApp developer—returned 497 entries. The same query for Instagram returned 566 entries. Avast anti-virus was copied by a developer, DevTech Inc., which has four other apps in the store since September—including a clone of Waze.

WireX mobile botnet emerges

Around 300 apps tied to WireX were identified in total, a subset of which was found in official app stores, such as the Play store. Google moved to block these apps and to remove them from all Android devices. These apps masquerade as media and video players, ringtones, and storage managers. Once installed, they activate hidden functionality to communicate with command and control servers and launch attacks, whether the app is in use or not.

In this instance, extraordinary collaboration among security professionals was able to hamstring WireX before it could launch more devastating attacks. However, the botnet is not dead, and researchers are still encountering examples of its malicious apps in the wild. It may not be long before the rise of a new mobile botnet built through the spread of malicious Android apps.

“Securing the mobile app ecosystem continues to be a challenge for app stores of all sizes, but efforts to improve version control, monitor for abuse, employ verification techniques, and offer security education can help,” said Mike Wyatt, director of Product Operations at RiskIQ. “Tracking the use of brand names and likeness is an equally daunting challenge for corporations. Brands should evaluate and implement solutions that constantly monitor their digital footprint online and in mobile app stores.”

For specific metrics or to learn more, download the RiskIQ Q3 2017 Mobile Threat Landscape Report at https://www.riskiq.com/research/2017-q3-mobile-threat-landscape-report/.

About RiskIQ

Try RiskIQ Community Edition for free by visiting https://www.riskiq.com/community/. To learn more about RiskIQ, visit https://www.riskiq.com.