Christmas-Themed Shopping, Game and Chat Apps Found Malicious, Lure Users with Deals
Security researchers are cautioning Android users about downloading apps for shopping, games, and Santa video chats after finding hundreds of malicious apps that are likely leveraging the season to defraud unwitting victims. A scan of thousands of apps revealed seven with malicious routines such as replacing the legitimate apps with a version downloaded from a command and control (C&C) server. They also found 35 apps containing adware with more invasive behaviors than standard in-app advertisements, and 165 apps enabling “excessive or dangerous combinations of permissions,” such as camera, microphone, contacts and text messages. Researchers from Barracuda Networks recommend that users examine the apps they download to their phones, especially as online shopping and banking are expected to reach new heights this year.
The invasive adware was reportedly related to DIY gift projects and used suspicious ad networks, displaying catchy deals and coupons. Cybercriminals can go after banking, email, and access credentials by replacing legitimate website forms, or by using malware or injected skimmers. The researchers noted that the excessive permissions users may grant to apps can be used to steal information stored on the devices, such as contacts for phishing and spam campaigns, as well as banking authentication tokens sent via SMS messages when shoppers finalize their purchases online.
Here are a few best practices to note when downloading apps and shopping online:
- Check app reviews on reputable websites
- Review the access permissions being requested by the app and evaluate if they are necessary for the functions of the app
- Directly type the retailers’ websites, and avoid clicking on URLs found in emails and text messages, especially from unknown senders
- Limit the amount of personal information provided to websites and apps
- Regularly update devices’ operating systems and apps
Users and enterprises can take advantage of multilayered mobile security such as the Trend Micro™ Mobile Security for Android™ solution. Trend Micro Mobile Security for Enterprise provides device, compliance and application management, data protection, and configuration provisioning. It also protects devices from attacks that exploit vulnerabilities, prevents malicious and unauthorized access to apps, and detects and blocks malware and fraudulent websites. Trend Micro’s Mobile App Reputation Service (MARS) covers Android threats using leading sandbox and machine learning technologies, protecting devices against malware, zero-day and known exploits, malicious apps, privacy leaks, and application vulnerabilities.