Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

10/24/2019
11:30 AM
50%
50%

Mobile Users Targeted With Malware, Tracked by Advertisers

Cybercriminals continue to seed app stores with malicious apps, advanced attackers successfully compromise mobile devices, and advertisers continue to track users, new reports show.

The ubiquity of mobile devices continues to attract attackers as malicious apps have surged 20% across third-party app stores, advertisers and tracking firms account for nine of 10 API calls for top mobile applications, and nation-state actors increasingly target mobile devices, according to a trio of reports released this week.

In one measure of the threat, the number of malicious apps blacklisted by RiskIQ increased 20% over the previous quarter and accounted for 2.1% of all apps tracked by RiskIQ - up from 1.95%, the company stated in its quarterly mobile threat report released on Oct. 24.

In a separate report, security-solutions provider Blackberry Cylance found that a collection of nation-state actors — including China, Iran, and North Korea — have honed their ability to develop and deploy Android and iOS malware over more than a decade. The strong security of mobile platforms has increased gray-market prices for "zero-click exploits" — attacks that can automatically infect devices — to jump to $1 million for Android and $2.5 million for iOS devices, but the platforms still are not immune to attack, says Brian Robison, chief security evangelist at BlackBerry Cylance.

"This preconceived notion that app-store apps are actually safe is a fallacy," he says. "The motivation behind the app stores have very little to do with security, and much more with protecting the app store's profit margins as well as protecting the ways developers make money."

Because so much user activity is conducted on mobile devices, they have naturally become a focus for third parties. While cybercriminals continue to strive to convince users to download and install malicious mobile apps, developers' reliance on third-party advertising frameworks and other software development kits means that a host of companies have a detailed view into what consumers are doing on their devices.  

In a study of the ten most popular apps in the shopping and food-and-drink categories, The Media Trust, a security and privacy firm, found that 9 out of every 10 times an application reached out to the Internet, the software was contacting a third-party provider. On average, 13 third parties were privy to information during the installation of the software, while 23 vendors tracked purchases. About 70% of the cookies dropped by third parties were advertisers or ad-server networks. Another 18% of the cookies belonged to firms that tracked user behavior.

Often, even the app developers do not know all the third-party activity going on behind the scenes, The Media Trust said.

"App publishers should work with experts on monitoring their apps for unauthorized actors and activities," the company stated in the report. "These third parties collect user information in real-time, ranging from data users enter to screenshots. Policing these third and nth parties' activities is both time- and resource-intensive because of the digital supply chain's lack of transparency, dynamism, and complexity."

Advanced-threat groups, primarily nation-state actors, have also targeted mobile applications. Driven by two main goals, economic and political espionage and surveillance of dissidents and perceived threats, nation-state actors are targeting mobile devices because of their ubiquity. The assumption that the mobile ecosystem can protect mobile users from such a class of attackers is spurious, says Blackberry Cylance's Robison.

"Definitely the attackers are getting far more sophisticated," he says. "The mobile devices are getting far more complex, and it is easier to hide code in different areas and trick users to install the attacker's code."

Some Good News

Not all news is bad for mobile security. While advanced attackers have been able to circumvent the security of devices, the app stores are getting better are finding malicious applications and much of the increase in malicious applications is due to a few app stores, where "you're almost guaranteed to download a malicious app if you choose to patronize it," according to RiskIQ's report.

Google for years has focused on cleaning up bad actors on its Play store, and as a result, users have less chance of encountering malicious applications on the store, according to security firm RiskIQ. The number of blacklisted apps in Google's Play store decreased by 59%, the company's report stated.

"I doubt that the problem will ever fully be resolved just due to the nature and complexity of the Android ecosystem," says Jordan Herman, a threat researcher at RiskIQ. "However, we've seen steady declines in both the actual numbers of malicious apps in their store and in the percentage of newly blacklisted apps versus the total newly added apps. It seems that their efforts are paying off."

For the average person who is not a dissident and who does not shop third-party app stores, the most significant threat is the surveilling and profiling conducted by third-party advertising firms. Consumers should focus on reviewing the privacy practices and statement of third party firms and look out for apps the require too many permissions, he says.

"Regardless of what store an app comes from, check the permissions the app is asking for," says Herman. "If the permissions are unnecessary for the app's purpose, or the permissions seem numerous, closer scrutiny of the app is not a bad thing."

Related Content

 

This free, all-day online conference offers a look at the latest tools, strategies, and best practices for protecting your organization’s most sensitive data. Click for more information and, to register, here.

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3035
PUBLISHED: 2021-04-20
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.26. Checkov 1.0 versions are not impacted.
CVE-2021-3036
PUBLISHED: 2021-04-20
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only to PAN-OS appliances that are configured to us...
CVE-2021-3037
PUBLISHED: 2021-04-20
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS conf...
CVE-2021-3038
PUBLISHED: 2021-04-20
A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. This issue impacts: GlobalProtect app 5.1 versions...
CVE-2021-3506
PUBLISHED: 2021-04-19
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The hi...