14 Apr Be Wary of High-Risk Mobile Apps
April 14, 2021
The steep rise in the number of smartphone users today has paved the way to the exponential growth in the usage of mobile apps, and their development shows no signs of slowing down.
In fact, the majority of Americans spend 88% of their mobile time on apps, a potential bonanza for cybercriminals. Besides the vulnerabilities being discovered on the mobile platforms themselves (Android and iOS), mobile app vulnerabilities have also increased and more are expected in the future.
We’ve put together a shortlist of hot and commonly used apps that may pose a risk to your mobile devices today. Watch out for these app themes to avoid becoming a victim.
Fake COVID-19 Apps
COVID-19 contact tracing apps are being used in many cities, provisioned by government agencies. People are required to register and fill forms asking for personal data such as complete name, address, contact number, and travel history. Cybercriminals create apps that resemble the official versions of the tracing apps, with the malicious intent to steal sensitive personal information and distribute malware to devices to steal banking credentials.
Security researchers found 12 malicious Android applications disguising as COVID-19 contact tracing apps. These apps are found to contain a range of malware families, primarily the banking Trojan Anubis. This Trojan monitors activities on the device and is capable of hijacking a session. It can abuse the WebView feature to display the apps’ content on a web page. Once this data is exposed, it can then be used to carry out overlay techniques to steal payment data or become an attack vector for phishing.
Social Media Apps
Vulnerabilities of some mainstream social media apps were found in 2020, like the multiple flaws discovered on the popular video-sharing app, TikTok.
Researchers from Oversecured, a mobile app security service provider, explained that there are four high-severity flaws in the app, and one of these vulnerabilities could let an attacker steal arbitrary files from the device. The flaw affected the com.ss.android.ugc.aweme.livewallpaper.ui.LiveWallPaperPreviewActivity. Exploiting the flaw required user interaction and could give read-only access to arbitrary files.
TikTok has already released a patch to remedy the identified vulnerabilities, and users should be safe from any potential issues that may arise by exploiting these bugs. All Android TikTok users should ensure that they have the latest app versions running on their devices, but keep an eye out for future TikTok exploits.
Mobile Payment Scams
The pandemic created a cashless ecosystem via mobile payment technology that allows people to receive and send money through apps like Venmo and Cash App on their mobile devices.
As these apps have become more popular, threat actors may try to use them to steal your money through fake money transfer schemes, as was reported by the Better Business Bureau, where scammers trick victims into sending money through CashApp.
Scammers will attempt to dupe victims using phishing emails or text messages asking them to send money through mobile payment apps. If you don’t recognize the request to be valid, don’t just click on any links. Log in to the app itself to verify any request for money.
The Federal Trade Commission provides a guide on how mobile payment apps work and how to avoid sending money to a scammer. It’s a useful reference to protect your e-wallets.
QR Code Abuse (Qshing)
Quick Response (QR) codes made an epic comeback in 2020 since COVID-19 forced us to no-touch policies and practices. This two-dimensional barcode can be easily read by the camera on your smartphones, letting you pay a merchant, link to a contact tracing site, or even download an app.
A simple yet highly effective malicious attempt would be distributing a QR Code and barcode scanner that includes adware or makes your mobile device behave oddly upon installation. Trend Micro found two barcode reader apps in Google Play will start to show unusual behavior on your mobile device when downloaded.
Another would be posting a QR code containing a link to a website with embedded malware that infects the user’s device with a Trojan or steals personal data. Watch out for these!
How to Protect Yourself from Malicious Apps?
Mobile apps clearly provide ease-of-use in our daily activities, but scams and fraud are very high lately, with threat actors preying mainly on the confusion and fear brought by COVID-19.
First, you should download apps only from trusted sources such as Google Play and Apple’s App Store.
Second, make sure to use the official website of the government, public health department, or the official provider for the app before you give out any of your personal data.
Lastly, install a mobile security app to keep your smartphones safe and secure. Trend Micro Mobile Security has the most up-to-date protection you need on your mobile devices. In addition to a malware and virus scan, Mobile Security can detect fake apps that can potentially steal your private and sensitive information.
You can download Trend Micro Mobile Security for both your Android and iOS (with a secure QR Code scanner) devices.
The Trend Micro QR Code scanner is also available for free on the Google Play store.