Cybersecurity News South Africa

More and more apps vulnerable to malware

WASHINGTON, USA: Malicious software is increasingly making its way into mobile phones through "cloned" versions of popular apps, and software weaknesses in legitimate ones, security researchers warn.
McAfee's Vincent Weafer says malware is a growing threat for smartphones. Image:
McAfee's Vincent Weafer says malware is a growing threat for smartphones. Image: SC Magazine

McAfee Labs said in its quarterly threat assessment that weaknesses in app security are becoming a problem for owners of mobile devices.

In some cases, cybercriminals can take advantage of the popularity of an app by creating a clone, which can extract personal data or even allow an attacker to gain control of the device.

This was the case with "Flappy Birds," a mobile game which saw a meteoric rise but was later withdrawn by its creator.

McAfee Labs sampled 300 Flappy Bird clones and found that almost 80% contained malware.

"Some of the behaviour we found included making calls without the user's permission; sending, recording, and receiving SMS messages; extracting contact data; and tracking geolocation. In the worst cases, the malware gained root access, which allows uninhibited control of anything on the mobile device including confidential business information," the report said.

The McAfee report said some legitimate apps have security flaws which can be exploited by hackers.

Android trojan surfaces

The researchers said they discovered an Android trojan, which exploits an encryption method weakness in the popular messaging app WhatsApp and then steals conversations and pictures stored on the device.

"Although this vulnerability has now been fixed, we can easily imagine cybercriminals continuing to look for other flaws in this well-known app," the report said.

The researchers said they identified malware that can steal money from a digital wallet.

One of the malware programs identified is disguised as an update for Adobe Flash Player or another legitimate utility app and can take control of a digital wallet to send a money transfer to the attacker's server.

"Mobile malware has recently started to use legitimate apps and services, in addition to a platform's standard features, to circumvent conventional surveillance by app stores and security products," the McAfee report said.

"Consequently, protecting only the underlying platform is no longer sufficient. We believe that developers need to protect their apps and services from unauthorised and malicious use."

McAfee's Vincent Weafer said people may be lulled into a false sense of security about mobile apps. "We tend to trust the names we know on the Internet," Weafer said.

"This year has already given us ample evidence that mobile malware developers are playing on these inclinations, to manipulate the familiar, legitimate features in the mobile apps and services we recognise and trust," he added.

Source: AFP via I-Net Bridge

Source: I-Net Bridge

For more than two decades, I-Net Bridge has been one of South Africa’s preferred electronic providers of innovative solutions, data of the highest calibre, reliable platforms and excellent supporting systems. Our products include workstations, web applications and data feeds packaged with in-depth news and powerful analytical tools empowering clients to make meaningful decisions.

We pride ourselves on our wide variety of in-house skills, encompassing multiple platforms and applications. These skills enable us to not only function as a first class facility, but also design, implement and support all our client needs at a level that confirms I-Net Bridge a leader in its field.

Go to: http://www.inet.co.za
Let's do Biz