    Archive for September 17th, 2013

    The existence of fake mobile apps poses privacy and financial risks to users of the mobile web. As experts figure out the dangers of consumerization and the lack of security on mobile devices, the number of fake apps continues to grow.

    Fake apps usually ride on the popularity of legitimate apps. For example, fake emails recently claimed that users had received voice mail from WhatsApp. These fake messages try to trick users into downloading the fake apps onto their mobile devices, where they usually perform a combination of these malicious routines:

    • send text messages to premium-rate numbers,
    • steal data,
    • control the device for botnet operations,
    • alter default text and background,
    • lock the device,
    • send GPS location, and more.

    Russia, a Big Fake Apps Player

    Recent Trend Micro research on SMS fraud found that fake apps that abuse premium mobile services have their roots in Russia and are expanding from there. Russia is the top target for premium service abusers in part because there are few standard app stores in the country, which makes third-party app stores popular.

    Figure 1. Countries most affected by SMS fraud

    Cybercriminals will continue to broaden their coverage to other countries and regions. Given the lucrative ways that mobile devices can be abused, it is highly likely that many cybercriminals will move to mobile platforms as their primary income source. This month’s mobile review talks about why searching for popular apps is becoming dangerous – thanks to fake apps.

    Inside a Premium Service Abuse Infection

    Fake apps that abuse premium mobile services go through a series of stages before enrolling a user without their consent. Our infographic, The High Cost of Premium Service Abusers, conveniently explains the four stages of a premium service abuse infection and why downloading these apps is just the first in a list of concerns.

    Posted in Bad Sites, Malware, Mobile | Comments Off on Connecting the Dots: Fake Apps, Russia, and the Mobile Web

    During last week’s Apple iPhone announcement, one of the standout features mentioned was the 5s’s fingerprint sensor, called Touch ID. With this technology, iPhone users can substitute a fingerprint scan for passwords when unlocking the home screen and verifying purchases in iTunes and the App Store.

    Substitute is the operative word. Technology like Touch ID may well become a good added layer for securing accounts against hackers and even malware, but it will be a very long time before we can forgo all passwords entirely.

    From a security standpoint, Touch ID looks good on paper, and hopefully that translates to the real world (hands-on demos are mostly positive, but we’ll see more once the iPhone 5s rolls out in December). Biometrics is not new, and we’ve seen in the past how Play-Doh can trick fingerprint sensors. The iPhone 5s will not even be the first phone to introduce fingerprint scanning, which shows that technologies like these need to be implemented properly, especially when being introduced to the oft-demanding consumer market.

    Exception Rather Than The Rule

    It should also be said that technologies like these are more of the exception rather than the rule. Granted, other services may well be thinking of their own ways to address the “password problem.” For instance, a day prior to the Apple event, a Google executive was quoted as saying that “passwords are done” and that they are finding ways to innovate. Until such time that these innovations become mainstream (and hopefully standardized), users will still have to log on to their accounts by using passwords.

    We should also consider the fact that most users have more than one device to access online accounts, and these devices have their own hardware specifications. Touch ID may work well for purchasing songs via iPhone, and maybe soon on other Apple products, but if you have to access iTunes via PC, you still need your password.

    Passwords are Still Key, But Manage Them Properly

    The bottom line here is that passwords are still an important aspect of security in everyone’s digital life. Granted, managing them can be a tedious task: length and complexity are needed now more than ever, especially now that even long passphrases can be brute forced. Secure computing habits, password managers like Trend Micro DirectPass, and even the built-in security features of mobile phones and other devices (yes, like the upcoming Touch ID) can help.

    To know more on how to secure your passwords across multiple devices, check out our latest Digital Life e-Guide below:




    Posted in Bad Sites | Comments Off on Fingerprint Scans, Passwords, and Managing Online Accounts

