Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

10/24/2019
11:30 AM
50%
50%

Mobile Users Targeted With Malware, Tracked by Advertisers

Cybercriminals continue to seed app stores with malicious apps, advanced attackers successfully compromise mobile devices, and advertisers continue to track users, new reports show.

The ubiquity of mobile devices continues to attract attackers as malicious apps have surged 20% across third-party app stores, advertisers and tracking firms account for nine of 10 API calls for top mobile applications, and nation-state actors increasingly target mobile devices, according to a trio of reports released this week.

In one measure of the threat, the number of malicious apps blacklisted by RiskIQ increased 20% over the previous quarter and accounted for 2.1% of all apps tracked by RiskIQ - up from 1.95%, the company stated in its quarterly mobile threat report released on Oct. 24.

In a separate report, security-solutions provider Blackberry Cylance found that a collection of nation-state actors — including China, Iran, and North Korea — have honed their ability to develop and deploy Android and iOS malware over more than a decade. The strong security of mobile platforms has increased gray-market prices for "zero-click exploits" — attacks that can automatically infect devices — to jump to $1 million for Android and $2.5 million for iOS devices, but the platforms still are not immune to attack, says Brian Robison, chief security evangelist at BlackBerry Cylance.

"This preconceived notion that app-store apps are actually safe is a fallacy," he says. "The motivation behind the app stores have very little to do with security, and much more with protecting the app store's profit margins as well as protecting the ways developers make money."

Because so much user activity is conducted on mobile devices, they have naturally become a focus for third parties. While cybercriminals continue to strive to convince users to download and install malicious mobile apps, developers' reliance on third-party advertising frameworks and other software development kits means that a host of companies have a detailed view into what consumers are doing on their devices.  

In a study of the ten most popular apps in the shopping and food-and-drink categories, The Media Trust, a security and privacy firm, found that 9 out of every 10 times an application reached out to the Internet, the software was contacting a third-party provider. On average, 13 third parties were privy to information during the installation of the software, while 23 vendors tracked purchases. About 70% of the cookies dropped by third parties were advertisers or ad-server networks. Another 18% of the cookies belonged to firms that tracked user behavior.

Often, even the app developers do not know all the third-party activity going on behind the scenes, The Media Trust said.

"App publishers should work with experts on monitoring their apps for unauthorized actors and activities," the company stated in the report. "These third parties collect user information in real-time, ranging from data users enter to screenshots. Policing these third and nth parties' activities is both time- and resource-intensive because of the digital supply chain's lack of transparency, dynamism, and complexity."

Advanced-threat groups, primarily nation-state actors, have also targeted mobile applications. Driven by two main goals, economic and political espionage and surveillance of dissidents and perceived threats, nation-state actors are targeting mobile devices because of their ubiquity. The assumption that the mobile ecosystem can protect mobile users from such a class of attackers is spurious, says Blackberry Cylance's Robison.

"Definitely the attackers are getting far more sophisticated," he says. "The mobile devices are getting far more complex, and it is easier to hide code in different areas and trick users to install the attacker's code."

Some Good News

Not all news is bad for mobile security. While advanced attackers have been able to circumvent the security of devices, the app stores are getting better are finding malicious applications and much of the increase in malicious applications is due to a few app stores, where "you're almost guaranteed to download a malicious app if you choose to patronize it," according to RiskIQ's report.

Google for years has focused on cleaning up bad actors on its Play store, and as a result, users have less chance of encountering malicious applications on the store, according to security firm RiskIQ. The number of blacklisted apps in Google's Play store decreased by 59%, the company's report stated.

"I doubt that the problem will ever fully be resolved just due to the nature and complexity of the Android ecosystem," says Jordan Herman, a threat researcher at RiskIQ. "However, we've seen steady declines in both the actual numbers of malicious apps in their store and in the percentage of newly blacklisted apps versus the total newly added apps. It seems that their efforts are paying off."

For the average person who is not a dissident and who does not shop third-party app stores, the most significant threat is the surveilling and profiling conducted by third-party advertising firms. Consumers should focus on reviewing the privacy practices and statement of third party firms and look out for apps the require too many permissions, he says.

"Regardless of what store an app comes from, check the permissions the app is asking for," says Herman. "If the permissions are unnecessary for the app's purpose, or the permissions seem numerous, closer scrutiny of the app is not a bad thing."

Related Content

 

This free, all-day online conference offers a look at the latest tools, strategies, and best practices for protecting your organization’s most sensitive data. Click for more information and, to register, here.

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-35519
PUBLISHED: 2021-05-06
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel i...
CVE-2021-20204
PUBLISHED: 2021-05-06
A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbi...
CVE-2021-30473
PUBLISHED: 2021-05-06
aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.
CVE-2021-32030
PUBLISHED: 2021-05-06
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_chec...
CVE-2021-22209
PUBLISHED: 2021-05-06
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed.