External Threat Management

RiskIQ’s Q3 2018 Mobile Threat Landscape Report: Total Apps Rise, Magecart Infiltrates Mobile

The digital revolution has caused businesses to venture outside the safety of corporate perimeters into the expanses of the open internet where they can make more frequent and more meaningful touchpoints with employees, prospects, and customers. Unfortunately, this also makes them a target for a new breed of attackers that level internet-scale threats at their digital attack surface, a varied collection of client-facing assets outside the firewall that hackers can and will discover as they research their next threat campaigns.

A significant portion of this digital attack surface is the mobile channel.

To highlight the mobile threat landscape in the third quarter of 2018, RiskIQ applied its crawling platform, which monitors 300+ mobile app stores around the world and leveraged our daily scans of nearly 2 billion resources to look for mobile apps in the wild.

These blacklisted apps featured a host of familiar threats such as brand imitation, phishing, and malware. The mobile threat landscape also saw Magecart, the infamous web-based javascript skimmer, infiltrate after simultaneously compromising the website and mobile app of British Airways.

Q3 showed a nearly 220 percent increase in blacklisted apps over Q2—apps matching against at least one blacklist such as VirusTotal, which, per its website, inspects files or web pages with over 70 antivirus products and other tools. A blacklist hit from VirusTotal shows that at least one vendor has flagged the file as suspicious or malicious. However, due to a surge in total apps observed, the percentage of blacklisted apps dropped from 4% in Q2 to 3% in Q3.

Fig-1 Q3 saw a spike in blacklisted mobile apps

With a proactive, store-first scanning mentality, RiskIQ observes and categorizes the threat landscape as a user would see it. Every app we encounter is downloaded, analyzed, and stored. RiskIQ also records changes and new versions of apps as they evolve. In this report, we’ll give an overview of these mobile threats, as well as emerging trends we anticipate will be prevalent in the future, to help you protect yourself and your customers.

Download RiskIQ's Q3 Mobile Landscape Report for key mobile threat insights including;

  • % increase in blacklisted apps over Q2
  • Total new apps in Q3
  • How Magecart infiltrated the mobile threat ecosystem

RiskIQ automatically runs all mobile applications encountered through a variety of blacklists, including VirusTotal. We differ from other monitoring systems that rely on end users employing their virus scanning tools and/or manual sample submissions. RiskIQ provides discovery across all major app stores as well as more than 150 others, including focused coverage of high-risk stores and regions for brand impersonation, malware, and fraud.

In addition to comprehensive coverage of third-party app stores worldwide, RiskIQ incorporates a unique source of “feral app” binaries, or mobile apps collected outside of dedicated mobile app stores, via drive-by download for example.

To read more about how RiskIQ can help with your mobile security, click here.

Subscribe to Our Newsletter

Subscribe to the RiskIQ newsletter to stay up-to-date on our latest content, headlines, research, events, and more.

Base Editor