External Threat Management

The Mobile Cyber Threat Landscape Continues to Expand

Findings from the 2015 VDBIR show mobile malware is still only a tiny fraction of all malware found in the wild. However, a new report suggests that mobile malware is in fact on the rise. Its findings indicate there will soon be 2 million mobile malware strains. The data from the new report was covered in Dark Reading. “The trend is heading upward,” says Andy Hayter, Security Evangelist for G DATA. “Android [malware] is growing and Android [malware] is profitable.”

Because the Android platform is licensed to manufacturers, control of the operating system with which many users interact is decentralized. Manufacturers will tinker with the base OS in order to package in ‘value added’ software. This added complexity makes Android inherently less secure.

A high-profile example of this was recently reported by CNN Money, which claimed that as many as 600 million Samsung phones were exposed to hackers due to a code vulnerability. The vulnerability was created by Samsung's addition of a third-party keyboard application. The issue appeared to be somewhere in the integration process, as the standalone keyboard application available in app stores does not have the same vulnerability.

Mobile is a complicated technology, and determining what constitutes a cyber threat shouldn’t be treated as cut-and-dried. RiskIQ released findings that as many as 40k potentially dangerous Android-based mobile banking apps exist in dozens of mobile app stores around the globe.

In the findings we discovered manipulated versions of branded banking apps, third-party developed financial services apps, bank account login aggregators, etc. All these apps were developed by third-party developers and displayed dangerous behavior, either because of malware or because of the data they were programmed to access.

In some cases the apps connected on the backend to insecure URLs, and many were connecting to private VPNs, etc. All advertised functionality that required the exchange of sensitive data. Adware was also highly present in the sample, as well as examples of what is typically considered malware, e.g. Svpeng.

Each app uncovered was capable of capturing sensitive user data, compromising user trust, and breaking compliance. However, malware wasn’t always technically present. By compromising regular channels of communication via app permissions, cyber thieves can capture troves of valuable data without ever tripping an AV scanner. The question is, what category would these apps fall into? These aren’t standard signature-based cyber threats.

RiskIQ has visibility into over 140 active mobile stores and 9 million+ mobile applications. The data collected encompasses signature-based cyber threats as well as other mobile-based cyber threats like rogue apps.

That is a main reason why leading global banks, insurance brands, and other highly security-conscious organizations like DocuSign have turned to RiskIQ to solve mobile app security problems. There is recognition that consumers are in danger due to mobile cyber threats, and that measures need to be taken to secure customers and protect the brand.

For more data on mobile cyber threats check out our report titled, “Who’s Minding the Store”. If you have any questions please contact us directly or via Twitter @riskiq.net.
