Users today rely on more applications each day than they might realize. From weather and email to social media and mobile shopping, applications have even surpassed their desktop-based counterparts in some instances. What’s more, this trend toward the mobile platform will only continue as wearable devices and the Internet of Things mature.
When large numbers of potential targets are on a single platform, cybercriminals are sure to be lurking as well. Such is the case with the application world.
“As the number of mobile device users grow, so do the number of apps available to their users,” noted a Trend Micro white paper, “Fake Apps Feigning Legitimacy.” “However, because cybercriminals always go where the money goes, attacks targeting mobile devices and their users will continuously grow in number as well.”
Mobile apps provide a range of attack strategies for hackers, but one that has recently been on the rise is the creation of fake applications that trick users into downloading malware, exposing their personal information and damaging their devices.
A look at the fake application landscape
According to Trend Micro’s white paper, while there may be more fake programs in the wild than many would think, not all of these are seeking to pull the rug out from under users. After examining the top 50 apps within the Google Play store, researchers found that 77 percent of these programs had fake versions in existence.
Delving further into this issue, researchers looked at more than 890,000 sample fake applications taken from a range of different sources. Of these, just under 60,000 were discovered to have aggressive adware and about 394,000 included malware. Overall, just over half – 51 percent – of these applications were deemed malicious.
Fraudulent antivirus applications
Through its research, Trend Micro discovered that one of the most common legitimate application types leveraged by hackers, if not the most common, is the antivirus program. Security is a top concern for many users, and as a result, a good portion of these individuals seek out protection solutions, including mobile antivirus. However, cybercriminals use this to their advantage and create dangerous, fake versions of these programs to trick individuals into thinking that they’re being protected from threats, when they’re actually exposing themselves to risk.
According to the white paper, one such program is FAKEAV, an Android-targeting sample. It was first detected in 2012 and continued to claim victims in 2013. One such sample specifically mirrored the design style of the existing, legitimate Bitdefender program. This strategy is malware authors’ way to get their foot in the door, so to speak, and allows for further malicious processes to be carried out once the application is downloaded.
“This fake app spoofed Bitdefender’s name and asked victims to install it with administrator privileges so it would be harder to remove,” Trend Micro noted. “Like rogue antivirus on computers, the app fakes device scanning and shows bogus infections to convince users to purchase its full version.”
Android ‘Fake ID’ vulnerability
A more recent example of the damage fraudulent applications can do involves Android ‘Fake ID,’ a vulnerability that was discovered earlier in 2014. Lacoon Mobile Security reported that this exploitable loophole in the operating system allows cybercriminals to falsify the identity of specific applications and compromise them. This gives hackers access to the sensitive user data the application may collect and offers the potential to take over the device remotely.
ZDNet noted that this vulnerability had been an issue in Android since version 2.1. In a nutshell, Fake ID provides the opportunity for malware to be presented as a previously-approved program. According to Bluebox, the security firm that first discovered Fake ID, the vulnerability can then “be used by malware to escape the normal application sandbox and take one or more malicious actions: insert a Trojan horse into an application by impersonating Adobe Systems; gain access to NFC [Near Field Communication] financial and payment data by impersonating Google Wallet; or take full management control of the entire device by impersonating 3LM,” a part of the Android enterprise security suite.
Thankfully, after the vulnerability was discovered, Google quickly patched it.
Application safety: Download with care
The bottom line here is that users need to be aware of these types of threats, and ensure that they are only downloading legitimate, secure programs onto their mobile devices. While it can sometimes be difficult to spot a malicious application, users can check a few things to help better protect their devices.
After investigating the abilities and protocols of the app itself – including what permissions the program requires – users should take a look at the reviews left by others. These can be a good way to spot a fraud. If a number of these reviews are similarly worded, or come from the same person, it could be a sign that the malware author is taking extra steps to legitimize the app and trick users. If there are no reviews at all, users should be wary of downloading as this could also be a sign of a malicious program.
If users are still unsure as to the legitimacy of the program, they should look into details about the developer. The details of the application will oftentimes provide the name of the individual or company that created the program. Taking a moment to check up on this person or firm could help identify a fraud.
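The review checks described above (similarly worded reviews, repeat reviewers, no reviews at all) can be automated when vetting a batch of app listings. The following is an added example, not code from Trend Micro or the white paper; the function names, the 3-word shingle size, the 0.6 similarity threshold and the sample reviews are all assumptions made for illustration.

```python
from collections import Counter
from itertools import combinations

def shingles(text, n=3):
    """Return the set of n-word shingles in a lowercased review."""
    words = [w.strip(".,!?") for w in text.lower().split()]
    words = [w for w in words if w]
    # Reviews shorter than n words yield one short shingle.
    return {tuple(words[i:i + n]) for i in range(max(len(words) - n + 1, 1))}

def jaccard(a, b):
    """Jaccard similarity of two shingle sets (0.0 to 1.0)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def review_flags(reviews, threshold=0.6):
    """reviews: list of (reviewer, text) pairs. Returns sorted warning flags."""
    if not reviews:
        return ["no_reviews"]
    flags = set()
    # Same account posting more than one review of the same app.
    authors = Counter(reviewer for reviewer, _ in reviews)
    if any(count > 1 for count in authors.values()):
        flags.add("repeat_reviewer")
    # Any pair of reviews whose wording overlaps heavily.
    sets = [shingles(text) for _, text in reviews]
    if any(jaccard(a, b) >= threshold for a, b in combinations(sets, 2)):
        flags.add("similar_wording")
    return sorted(flags)

# Constructed sample data, not taken from any real app listing.
SUSPECT_REVIEWS = [
    ("user_a", "Best antivirus app ever, removed all viruses from my phone!"),
    ("user_b", "Best antivirus app ever, removed all viruses from my tablet!"),
    ("user_a", "Great, works fine."),
]
ORDINARY_REVIEWS = [
    ("user_c", "Scan is fast but the battery drain is noticeable on older phones."),
    ("user_d", "Caught a bad download last week, interface could be simpler."),
]

if __name__ == "__main__":
    print(review_flags(SUSPECT_REVIEWS))
    print(review_flags(ORDINARY_REVIEWS))
    print(review_flags([]))
```

A flag is a prompt for a closer look at the listing and its developer, not proof that the app is malicious.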