Business

Cyber firm cautions mobile users against ‘rogue’ apps

Close to 40% of respondents gave access to their data to download free apps

Cyber criminals are now turning to application stores, traditionally considered a safe destination for downloading mobile apps, to plant malware in phones.

Recently, cyber security solutions provider Symantec had detected an application on Google Play Store — Beaver Gang Counter — that masquerades as a score keeping app for a popular card game. However in reality, once installed on the device, this application secretly starts searching media files related to Viber. Once it finds them, it sends them to a remote server.

While applications are mostly verified before being published on the official Android store, some manage to slip past the store’s upfront security checks.

Viber

“Viber is an extremely popular social media app with over 500 million installs on Google Play alone. The data stolen by the malware could be used for a number of nefarious purposes such as identity theft, blackmail, fraud, or pornography,” Symantec said in a blogpost.

Symantec had alerted Google about this issue and in response they removed this app and developer from Google Play Store.

The discovery of this app, it added, demonstrated that having photos stolen from devices is also a risk Android users needed to be aware of. Some time ago, private photographs of some celebrities were leaked online, with reports suggesting that the attackers gained access to their Apple iCloud accounts.

“Mobile devices connect us to the world, storing our most personal and valuable information in digital form. However, this freedom complicates our security, and in fact mobile apps may present significant challenges to protecting our privacy. It might surprise you to learn that most threats to sensitive information on mobile devices are hidden in plain sight — in apps,” Ritesh Chopra, Country Manager, India, Norton by Symantec, said.

He added that many apps accessed or shared private, sensitive data without the users’ knowledge or full understanding. Norton researchers recently found that globally, of the 10.8 million apps analysed by them, almost 3.3 million were classified as malware, a 230 per cent increase from 2014.

The study suggested that close to 40 per cent respondents granted permission to access their camera, bookmarks and browser history in exchange for free apps. “Thus, while apps are fun, boost your productivity and make your life easier, certain “rogue” apps can carry significant risks,” Mr. Chopra added.

Meanwhile, a Google spokesperson said: “While we don’t comment on specific apps, we can confirm that our policies are designed to provide a great experience for users and developers. That’s why we remove apps from Google Play that violate those policies.”

To stay protected from such mobile threats, Symantec recommends that users refrain from downloading apps from unfamiliar sites and install apps only from trusted sources. Besides, close attention should be paid to the permissions that apps request.

Anti-virus updates

Users should avoid apps with a poor or non-existent reputation and any app that no one knows about should not be trusted. It is also important that mobile software, including anti-viruses are kept updated.

Earlier, Symantec had also found a bug in a popular local food and restaurant recommendation site Burrp, which ultimately allowed cyber criminals to take over users’ system to encrypt files and later demand ransom to decrypt the same files. Most of the users who have been impacted by this attack are based in the U.S. and India.

A letter from the Editor


Dear reader,

We have been keeping you up-to-date with information on the developments in India and the world that have a bearing on our health and wellbeing, our lives and livelihoods, during these difficult times. To enable wide dissemination of news that is in public interest, we have increased the number of articles that can be read free, and extended free trial periods. However, we have a request for those who can afford to subscribe: please do. As we fight disinformation and misinformation, and keep apace with the happenings, we need to commit greater resources to news gathering operations. We promise to deliver quality journalism that stays away from vested interest and political propaganda.

Support Quality Journalism
Recommended for you
This article is closed for comments.
Please Email the Editor

Printable version | Jun 5, 2020 5:36:53 PM | https://www.thehindu.com/business/Cyber-firm-cautions-mobile-users-against-%E2%80%98rogue%E2%80%99-apps/article14469059.ece

Next Story