• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   Current News   »   Fake mobile applications put users at risk: Spotting frauds and protecting data

Fake mobile applications put users at risk: Spotting frauds and protecting data

  • Posted on:October 18, 2014
  • Posted in:Current News, Industry News, Mobility, Vulnerabilities & Exploits
  • Posted by:
    Trend Micro
0

Users today utilize more applications on a daily basis than they might realize. From weather and email to social media and mobile shopping, applications have even surpassed their desktop-based counterparts in some instances. What’s more is that this trend toward the mobile platform will only continue to rise as wearable devices and the Internet of Things matures.

When large numbers of potential targets are on a single platform, cybercriminals are sure to be lurking as well. Such is the case with the application world.

“As the number of mobile device users grow, so do the number of apps available to their users,” noted a Trend Micro white paper, “Fake Apps Feigning Legitimacy.” “However, because cybercriminals always go where the money goes, attacks targeting mobile devices and their users will continuously grow in number as well.”

Mobile apps provide a range of attack strategies for hackers, but one that has recently been on the rise is the creation of fake applications that trick users into downloading malware, exposing their personal information and damaging their devices.

A look at the fake application landscape
According to Trend Micro’s white paper, while there may be more fake programs in the wild than many would think, not all of these are seeking to pull the rug out from under users. After examining the top 50 apps within the Google Play store, researchers found that 77 percent of these programs had fake versions in existence.

Delving further into this issue, researchers looked at more than 890,000 sample fake applications taken from a range of different sources. Of these, just under 60,000 were discovered to have aggressive adware and about 394,000 included malware. Overall, just over half – 51 percent – of these applications were deemed malicious.

Fraudulent antivirus applications
Through its research, Trend Micro discovered that one of – if not the – most common legitimate application types leveraged by hackers are antivirus programs. Security is a top concern for many users, and as a result, a good portion of these individuals seek out protection solutions, including mobile antivirus. However, cybercriminals use this to their advantage and create dangerous, fake versions of these programs to trick individuals into thinking that they’re being protected from threats, when they’re actually opening themselves up to malicious risks.

According to the white paper, one such program is FAKEAV, an Android-targeting sample. It was first detected in 2012 and continued to claim victims in 2013. One such sample specifically mirrored the design style of the existing, legitimate Bitdefender program. This strategy is malware authors’ way to get their foot in the door, so to speak, and allows for further malicious processes to be carried out once the application is downloaded.

“This fake app spoofed Bitdefender’s name and asked victims to install it with administrator privileges so it would be harder to remove,” Trend Micro noted. “Like rogue antivirus on computers, the app fakes device scanning and shows bogus infections to convince users to purchase its full version.”

Android ‘Fake ID’ vulnerability
A more recent example of the damage fraudulent applications can do involves Android ‘Fake ID,’ a vulnerability that was discovered earlier in 2014. Lacoon Mobile Security reported that this exploitable loophole in the operating system allows cybercriminals to falsify the identity of and compromise specific applications. This enables hackers to connect with the sensitive user data the application may collect and offers the potential to take over the device remotely.

ZDNet noted that this vulnerability was an issue with Android since its 2.1 version. In a nutshell, Fake ID provides the opportunity for malware to be presented as a previously-approved program. According to Bluebox, the security firm that first discovered Fake ID, the vulnerability can then “be used by malware to escape the normal application sandbox and take one or more malicious actions: insert a Trojan horse into an application by impersonating Adobe Systems; gain access to NFC [Neat Field Communication] financial and payment data by impersonating Google Wallet; or take full management control of the entire device by impersonating 3LM,” a part of the Android enterprise security suite.

Thankfully, after the vulnerability was discovered, Google quickly patched it.

Application safety: Download with care
The bottom line here is that users need to be aware of these types of threats, and ensure that they are only downloading legitimate, secure programs onto their mobile devices. While it can sometimes be difficult to spot a malicious application, users can check a few things to help better protect their devices.

After investigating the abilities and protocols of the app itself – including what permissions the program requires – users should take a look at the reviews left by others. These can be a good way to spot a fraud. If a number of these reviews are similarly worded, or come from the same person, it could be a sign that the malware author is taking extra steps to legitimize the app and trick users. If there are no reviews at all, users should be wary of downloading as this could also be a sign of a malicious program.

If users are still unsure as to the legitimacy of the program, they should look into details about the developer. The details of the application will oftentimes provide the name of the individual or company that created the program. Taking a moment to check up on this person or firm could help differentiate a fraud.

Related posts:

  1. Fake mobile applications put users at risk: Spotting frauds and protecting data
  2. Mobile malware continues to rise: Protecting your smartphone
  3. Trend Micro Mobile Security Protecting You From Prying Eyes
  4. Protect Yourself Against Fake Banking Apps with Trend Micro Mobile Security for Android

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Cloud-based Email Threats Capitalized on Chaos of COVID-19
  • Detected Cyber Threats Rose 20% to Exceed 62.6 Billion in 2020
  • Trend Micro Recognized on CRN Security 100 List
  • Trend Micro Reports Solid Results for Q4 and Fiscal Year 2020
  • Connected Cars Technology Vulnerable to Cyber Attacks
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.