Trojanised apps in legitimate app stores – new DressCode threat

The common belief is that it is safe to download from official app stores like Google Play or the Apple App Store. Sadly, that is not the case: both have been found hosting compromised apps of late.

Trend Micro has found more than 400 "Trojanised apps" in Google Play and more than 3000 in third-party app stores. This article is specifically about Android devices.

TrendLabs says that mobile threats have grown rapidly in a few months. Its Mobile App Reputation Service (MARS) recorded 16.6 million mobile malware detections to August 2016, a 40% jump from January.

Essentially these are legitimate apps, including games, skins, themes, cheats and utilities, that have been weaponised to carry a payload: adware, malware, spyware, or code that enrols the device in a botnet. Because the original code has only been altered to add the payload, the apps still work as advertised, so users have no reason to suspect them. One example is the app Mod GTA 5 for Minecraft PE, which has been downloaded at least half a million times.


New corporate threat

A new threat family that Trend Micro calls DressCode is particularly concerning because it gives attackers an avenue into internal networks, a notable risk when the infected device connects to company networks.

DressCode installs on a BYOD mobile device and lies dormant until it senses a network connection. It then contacts its command and control (C&C) server for instructions. Once it receives a "Create, <Attacker IP>" command, the device opens a TCP connection to the attacker, over which the attacker sends commands using the SOCKS protocol. The device is thereby turned into a proxy server, best described as a tunnel: because the phone initiates the connection outbound, NAT and inbound firewall rules do not stop it, and the attacker can reach the network and the other devices on it through the phone.
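To make the pivot concrete, the following is an added example (not code from the article or from Trend Micro's analysis) of what the proxy end of that tunnel has to do: decode a SOCKS request from the attacker and see where it wants to go. It assumes SOCKS5 as defined in RFC 1928 (the article only says "the SOCKS protocol"), and the sample requests are constructed for the example. The interesting part is `is_internal_target`: a proxy on a phone that will happily CONNECT to 10.0.0.5:445 or fileserver.local:139 is exactly the internal-network access described above, and a defender's egress proxy or an MDM-enforced VPN would refuse that class of destination.

```python
import ipaddress
import socket
import struct

# SOCKS5 per RFC 1928 is assumed here; the article only says "the SOCKS protocol".
SOCKS_VERSION = 0x05
CMD_NAMES = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP_ASSOCIATE"}

# Constructed sample requests, laid out the way a remote operator behind the
# tunnel would send them to the proxy running on the phone: VER CMD RSV ATYP ADDR PORT.
SAMPLE_CONNECT_IPV4 = (b"\x05\x01\x00\x01" + socket.inet_aton("10.0.0.5")
                       + struct.pack(">H", 445))           # CONNECT 10.0.0.5:445 (SMB)
SAMPLE_CONNECT_PUBLIC = (b"\x05\x01\x00\x01" + socket.inet_aton("93.184.216.34")
                         + struct.pack(">H", 443))         # CONNECT to a public host
SAMPLE_CONNECT_DOMAIN = (b"\x05\x01\x00\x03" + bytes([len(b"fileserver.local")])
                         + b"fileserver.local" + struct.pack(">H", 139))


def parse_socks5_request(data: bytes):
    """Decode the request that follows SOCKS5 method negotiation.

    Returns (command, host, port). Raises ValueError for anything that is not a
    well-formed SOCKS5 request, including truncated address fields.
    """
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 request")
    cmd, rsv, atyp = data[1], data[2], data[3]
    if rsv != 0x00:
        raise ValueError("reserved byte must be zero")
    if atyp == 0x01:            # IPv4: 4 octets
        end = 8
    elif atyp == 0x03:          # domain name: 1 length byte + name
        if len(data) < 5:
            raise ValueError("truncated request")
        end = 5 + data[4]
    elif atyp == 0x04:          # IPv6: 16 octets
        end = 20
    else:
        raise ValueError(f"unknown address type {atyp:#x}")
    if len(data) < end + 2:     # address plus 2-byte port must be present
        raise ValueError("truncated request")
    if atyp == 0x01:
        host = socket.inet_ntoa(data[4:end])
    elif atyp == 0x03:
        host = data[5:end].decode("ascii")
    else:
        host = socket.inet_ntop(socket.AF_INET6, data[4:end])
    (port,) = struct.unpack(">H", data[end:end + 2])
    return CMD_NAMES.get(cmd, f"CMD_{cmd:#x}"), host, port


def is_internal_target(host: str) -> bool:
    """True when the destination is only reachable from inside the network.

    IP literals are checked against private, link-local and loopback ranges.
    Names that are unqualified or carry a local-only suffix are treated the same
    way; anything else would need DNS and is classed as external here.
    """
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_link_local or ip.is_loopback
    except ValueError:
        pass
    name = host.rstrip(".").lower()
    return "." not in name or name.endswith((".local", ".internal", ".lan", ".corp"))


def triage_request(data: bytes) -> dict:
    """Decode one request and flag it if it is a pivot into the internal network."""
    cmd, host, port = parse_socks5_request(data)
    return {"cmd": cmd, "host": host, "port": port,
            "internal_pivot": is_internal_target(host)}


def socks5_reply(granted: bool) -> bytes:
    """Reply a policy-enforcing proxy would send (RFC 1928 section 6):
    0x00 succeeded, or 0x02 'connection not allowed by ruleset'.
    The bound address is left as 0.0.0.0:0."""
    rep = 0x00 if granted else 0x02
    return bytes([SOCKS_VERSION, rep, 0x00, 0x01]) + b"\x00\x00\x00\x00" + b"\x00\x00"


if __name__ == "__main__":
    for sample in (SAMPLE_CONNECT_IPV4, SAMPLE_CONNECT_PUBLIC, SAMPLE_CONNECT_DOMAIN):
        verdict = triage_request(sample)
        print(verdict, "->", "REFUSE" if verdict["internal_pivot"] else "allow")
```

The same decoder is useful on the defensive side: if a phone on the corporate Wi-Fi is seen carrying SOCKS requests for RFC 1918 addresses over an outbound TCP session it opened itself, that traffic pattern, not the C&C address, is the thing to alert on.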

This general-purpose tunnel lets the attacker control and command the device: enlist other infected devices into a botnet, launch distributed denial-of-service (DDoS) attacks, or run spam email campaigns. The infected devices also give the attackers a pool of proxied IP addresses that can be used to create fake traffic, disguise ad clicks and generate revenue.

According to Trend Micro data, 82% of businesses implement BYOD or allow employee personal devices for work-related functions.

Trend Micro's recommended defence is to use mobile device management (MDM) software to secure the handset and an encrypted VPN for all company communications. Corporate users should avoid rooting or jailbreaking their devices and should not use third-party app stores.
