Malicious software enters phones through clones of popular apps
Print Edition
MALICIOUS software is increasingly making its way into mobile phones through “cloned” versions of popular applications, and software weaknesses in legitimate ones, security researchers said yesterday.
McAfee Labs said in its quarterly threat assessment that weaknesses in app security is becoming a growing problem for owners of mobile devices.
In some cases, cybercriminals can exploit the popularity of an app by creating a clone, which can extract personal data or even allow an attack to gain control of the device.
This was the case with “Flappy Birds,” a mobile game which saw a meteoric rise but was later withdrawn by its creator.
McAfee Labs sampled 300 Flappy Bird clones and found that almost 80 percent contained malware.
“Some of the behavior we found includes making calls without the user’s permission; sending, recording, and receiving SMS messages; extracting contact data; and tracking geolocation. In the worst cases, the malware gained root access, which allows uninhibited control of anything on the mobile device including confidential business information,” the report said.
The McAfee report said some legitimate apps have security flaws which can be exploited by hackers.
The researchers said they found an Android trojan “which exploits an encryption method weakness in the popular messaging app WhatsApp” and then steals conversations and pictures stored on the device.
“Although this vulnerability has now been fixed, we can easily imagine cybercriminals continuing to look for other flaws in this well-known app,” the report said.
The researchers have also found a malware that can steal money from a digital wallet.
One of the malware programs identified “is disguised as an update for Adobe Flash Player or another legitimate utility app,” and can take over a digital wallet to send a money transfer to the attacker’s server.
“Mobile malware has recently started to use legitimate apps and services, in addition to a platform’s standard features, to circumvent conventional surveillance by app stores and security products,” the report said.
- About Us
- |
- Terms of Use
- |
-
RSS - |
- Privacy Policy
- |
- Contact Us
- |
- Shanghai Call Center: 962288
- |
- Tip-off hotline: 52920043
- 沪ICP证:沪ICP备05050403号-1
- |
- 互联网新闻信息服务许可证:31120180004
- |
- 网络视听许可证:0909346
- |
- 广播电视节目制作许可证:沪字第354号
- |
- 增值电信业务经营许可证:沪B2-20120012
Copyright © 1999- Shanghai Daily. All rights reserved.Preferably viewed with Internet Explorer 8 or newer browsers.
