Malicious software is increasingly making its way into mobile phones through "cloned" versions of popular apps, and software weaknesses in legitimate ones, security researchers said Tuesday.
McAfee Labs said in its quarterly threat assessment that weaknesses in app security is becoming a growing problem for owners of mobile devices.
In some cases, cybercriminals can take advantage of the popularity of an app by creating a clone, which can extract personal data or even allow an attack to gain control of the device.
This was the case with "Flappy Birds," a mobile game which saw a meteoric rise but was later withdrawn by its creator.
McAfee Labs sampled 300 Flappy Bird clones and found that almost 80 percent contained malware.
"Some of the behavior we found includes making calls without the user's permission; sending, recording, and receiving SMS messages; extracting contact data; and tracking geolocation. In the worst cases, the malware gained root access, which allows uninhibited control of anything on the mobile device including confidential business information," the report said.
The McAfee report said some legitimate apps have security flaws which can be exploited by hackers.
The researchers said they discovered an Android trojan "which exploits an encryption method weakness in the popular messaging app WhatsApp" and then steals conversations and pictures stored on the device.
"Although this vulnerability has now been fixed, we can easily imagine cybercriminals continuing to look for other flaws in this well-known app," the report said.
- Digital pickpockets -
The researchers also said they identified malware can steal money from a digital wallet.
One of the malware programs identified "is disguised as an update for Adobe Flash Player or another legitimate utility app," and can take over a digital wallet to send a money transfer to the attacker's server.
"Mobile malware has recently started to use legitimate apps and services, in addition to a platform's standard features, to circumvent conventional surveillance by app stores and security products," the McAfee report said.
"Consequently, protecting only the underlying platform is no longer sufficient. We believe that developers need to protect their apps and services from unauthorized and malicious use."
McAfee's Vincent Weafer said people may be lulled into a false sense of security about mobile apps.
"We tend to trust the names we know on the Internet," Weafer said.
"The year 2014 has already given us ample evidence that mobile malware developers are playing on these inclinations, to manipulate the familiar, legitimate features in the mobile apps and services we recognize and trust."
GMT 17:42 2018 Wednesday ,31 October
Launch of cargo spacecraft Progress MS-10 to ISS set for 16 NovemberGMT 14:18 2018 Saturday ,27 October
First launch of Soyuz-FG booster after Oct 11 incident scheduled on 16 NovGMT 16:58 2018 Monday ,22 October
Report on Soyuz-FG vehicle malfunction to be approved on 30 OctoberGMT 22:05 2018 Friday ,19 October
NASA chief believes human mission to Mars should become international projectGMT 16:31 2018 Monday ,15 October
Roscosmos chief to inform NASA and ESA on probe into Soyuz booster incidentGMT 18:09 2018 Thursday ,11 October
Russia to provide NASA with full information on Soyuz emergency landingGMT 16:09 2018 Thursday ,11 October
President Putin to receive report on aborted Soyuz space launch to ISSGMT 10:49 2018 Friday ,19 January
Amazon narrows list of 'HQ2' candidates to 20Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©
Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©
Send your comments
Your comment as a visitor