Malicious Code Hidden in SmartPhone Apps

Lookout, a mobile security company, has issued a report that illustrates the rise of applications infected by malware (programs built with a malicious intent) on mobile platforms. I was particularly interested by how “pirates” can sneak malicious code in apps that were originally legitimate.

The graph above shows that a malicious that instead of creating a bogus application from scratch, pirates have adapted to using popular and legitimate applications has “hosts” for their malicious code. They start by adding code to an already existing app, then submit this application to a 3rd party app store where the original app may not already reside (each app has a unique ID for each store). To lure unsuspecting users to download the app, the pirates use advertising, phishing or spam sites – whichever works better.Users may be using an infected app, and never realize it. This is dangerously smart and is a much more efficient way to spread malware, and that's why it is so dangerous. Of course, you can reduce the odds of being a victim by sticking to the official store, but it's not that hard to be fooled or too trusting.

This is definitely not the only way to get into a user's phone, but the distribution potential is much greater than when the pirates create a seemingly legitimate app from the ground up. Once in place, the malicious code can send SMS and charge a wireless carrier for small amounts – name it, and the pirates have thought of it.

Although the odds of being attacked are relatively low, they are rising, and you can protect yourself by being more aware when dealing with 3rd party stores that you don't trust.

Lookout's report is of course far from being selfless: it is a way to educate consumers about the dangers lurking around, but also to tell them that there is a way to protect oneself… by using their product.

Although we can disagree on the magnitude of the problem, and the level of real danger, it is good to be aware that such threats exists.
source: Ubergizmo

Related Post:

News

• ChevronWP7 officially closes up shop for good, hands out App Hub memberships
• Verizon expands 4G LTE coverage in the West
• Plume for Android Update Adds ICS Elements
• UC Browser 8.2 for Android takes a crack at the US market
• Safely Phone Controls on Android announced
• Sony CEO Kaz Hirai to reveal new strategy on April 12th
• AT&T 4G LTE Coming to Bloomington, IN and Bryan-College Station, Texas April 8th
• Google acquires TxVia in an effort to expand Google Wallet
• Instagram for Android Now Available!
• PayPal Here Launches in Canada, Google Earth for Android and iOS Reaches Version 6.2 & Sparrow Launches Email Client for iOS With Gorgeous UI