Cyber criminals are now turning to application stores, traditionally considered a safe destination for downloading mobile apps, to plant malware in phones.
Cyber security solutions provider Symantec recently detected an application on Google Play Store — Beaver Gang Counter — that masquerades as a score-keeping app for a popular card game. In reality, however, once installed on the device, this application secretly starts searching for media files related to Viber. Once it finds them, it sends them to a remote server.
While applications are mostly verified before being published on the official Android store, some manage to slip past the store’s upfront security checks.
Viber
“Viber is an extremely popular social media app with over 500 million installs on Google Play alone. The data stolen by the malware could be used for a number of nefarious purposes such as identity theft, blackmail, fraud, or pornography,” Symantec said in a blogpost.
Symantec alerted Google to the issue, and in response Google removed the app and its developer from Google Play Store.
The discovery of this app, it added, demonstrated that having photos stolen from devices is also a risk Android users needed to be aware of. Some time ago, private photographs of some celebrities were leaked online, with reports suggesting that the attackers gained access to their Apple iCloud accounts.
“Mobile devices connect us to the world, storing our most personal and valuable information in digital form. However, this freedom complicates our security, and in fact mobile apps may present significant challenges to protecting our privacy. It might surprise you to learn that most threats to sensitive information on mobile devices are hidden in plain sight — in apps,” Ritesh Chopra, Country Manager, India, Norton by Symantec, said.
He added that many apps accessed or shared private, sensitive data without the users’ knowledge or full understanding. Norton researchers recently found that globally, of the 10.8 million apps analysed by them, almost 3.3 million were classified as malware, a 230 per cent increase from 2014.
The study suggested that close to 40 per cent of respondents granted permission to access their camera, bookmarks and browser history in exchange for free apps. “Thus, while apps are fun, boost your productivity and make your life easier, certain “rogue” apps can carry significant risks,” Mr. Chopra added.
Meanwhile, a Google spokesperson said: “While we don’t comment on specific apps, we can confirm that our policies are designed to provide a great experience for users and developers. That’s why we remove apps from Google Play that violate those policies.”
To stay protected from such mobile threats, Symantec recommends that users refrain from downloading apps from unfamiliar sites and install apps only from trusted sources. Besides, close attention should be paid to the permissions that apps request.
Anti-virus updates
Users should avoid apps with a poor or non-existent reputation, and any app that no one knows about should not be trusted. It is also important that mobile software, including anti-virus software, is kept updated.
Earlier, Symantec had also found a bug in Burrp, a popular local food and restaurant recommendation site, which ultimately allowed cyber criminals to take over users’ systems, encrypt files and later demand a ransom to decrypt them. Most of the users who have been impacted by this attack are based in the U.S. and India.