It is no surprise that mobile phones pose a substantial security risk to their users’ data and privacy. From SMS phishing to mobile botnets, these devices can become vehicles for cybercriminals looking to attack someone or collect information. Malicious mobile applications add to these growing mobile security threats. These applications act as a medium for gathering sensitive information, including, and not limited to, location, phone number, and other personally identifiable information. Besides putting the user at risk, these applications can prove a threat to the vast network that these devices are connected to. Fortunately, there are a few ways one can avoid malicious apps, and keep their mobile devices safe.
The outrageous growth of malicious mobile applications and malware is ultimately caused by revenue generation. Cyber-attacks are conducted via premium rate SMS attacks wherein they hijack a user’s device to send paid messages around and collect the revenue. Adware is another source of income for attackers as they gain ad impressions and app downloads through forceful redirects and downloads. Cryptocurrency mining has also played a role in the growth of malicious apps, as fake apps with mining capabilities continue to flood the marketplace.
Generally, users download applications from a few reputable online stores, such as Google Play, the App Store, Samsung Galaxy Apps, etc. Although the high volume of applications in these stores makes it a challenge to analyze each one, most apps featured in these stores have been vetted or pruned. The lesser-known third-party application stores are often filled with apps laden with malware. Some categories of applications are more likely to contain malware than others. Here are some arranged by the likelihood of malware presence:
- Lifestyle apps (27.3%)
- Music and Audio (19.7%)
- Books and Reference (9.9%)
- Entertainment (6.2%)
- Tools (5.5%)
Grayware – What exactly are the criteria to term an application malicious? As you may suspect, the answer is not a clear cut one, particularly because of the rise in “grayware” applications. Grayware is an umbrella term for all kinds of applications that are troublesome for users but are not to be termed completely malicious. These applications can include hack tools, access ware, spyware, adware, dialers, and joke programs, that often spam recipients with pop-up ads or site redirects. Grayware is capable of leaving a device vulnerable to more severe types of malware, such as viruses and Trojan horses.
Some of these apps intentionally hinder user attention by going invisible after installation. Once downloaded, these apps typically disappear and erase their tracks while they continue to harvest sensitive user information. Other types of apps will wait for a particular amount of time to pass before initializing the data harvesting to avoid raising suspicion.
Avoiding Malicious Applications
Fortunately, malicious mobile applications are avoidable threat. Here are a few things to remember before you download an app.
- Keep your mobile device updated.
- Download applications from reputable app stores only.
- Check the logos carefully. Many malicious apps will mimic well-known brands with unnoticeable differences to appear legitimate.
- Read the permissions carefully requested by apps before granting them.
- Install a mobile security application like the Microsoft Enterprise Mobile Suite + Security or Microsoft EMS to secure your personal and official data.
- Routinely create a back-up of sensitive/important information.
