Science & technology
Malware worms its way into more apps
Publish Date: Jun 24, 2014
Malware worms its way into more apps
Researchers say they have identified malware can steal money from a digital wallet. PHOTO/AFP
  • mail
  • img
newvision

WASHINGTON - Malicious software is increasingly making its way into mobile phones through "cloned" versions of popular apps, and software weaknesses in legitimate ones, security researchers said Tuesday.

McAfee Labs said in its quarterly threat assessment that weaknesses in app security is becoming a growing problem for owners of mobile devices.

In some cases, cybercriminals can take advantage of the popularity of an app by creating a clone, which can extract personal data or even allow an attack to gain control of the device.

This was the case with "Flappy Birds," a mobile game which saw a meteoric rise but was later withdrawn by its creator.

McAfee Labs sampled 300 Flappy Bird clones and found that almost 80 percent contained malware.

"Some of the behavior we found includes making calls without the user's permission; sending, recording, and receiving SMS messages; extracting contact data; and tracking geolocation. In the worst cases, the malware gained root access, which allows uninhibited control of anything on the mobile device including confidential business information," the report said.

The McAfee report said some legitimate apps have security flaws which can be exploited by hackers.

The researchers said they discovered an Android trojan "which exploits an encryption method weakness in the popular messaging app WhatsApp" and then steals conversations and pictures stored on the device.

"Although this vulnerability has now been fixed, we can easily imagine cybercriminals continuing to look for other flaws in this well-known app," the report said.


In January, Snapchat said it would release an updated version of its app after hackers downloaded usernames and phone numbers for 4.6 million accounts

Digital pickpockets

The researchers also said they identified malware can steal money from a digital wallet.

One of the malware programs identified "is disguised as an update for Adobe Flash Player or another legitimate utility app," and can take over a digital wallet to send a money transfer to the attacker's server.

"Mobile malware has recently started to use legitimate apps and services, in addition to a platform's standard features, to circumvent conventional surveillance by app stores and security products," the McAfee report said.

"Consequently, protecting only the underlying platform is no longer sufficient. We believe that developers need to protect their apps and services from unauthorized and malicious use."

McAfee's Vincent Weafer said people may be lulled into a false sense of security about mobile apps.

"We tend to trust the names we know on the Internet," Weafer said.

"The year 2014 has already given us ample evidence that mobile malware developers are playing on these inclinations, to manipulate the familiar, legitimate features in the mobile apps and services we recognize and trust."

AFP


Also related to this story

Galaxy S5 fingerprint sensor hacked

Snapchat to app in wake of hack

The statements, comments, or opinions expressed through the use of New Vision Online are those of their respective authors, who are solely responsible for them, and do not necessarily represent the views held by the staff and management of New Vision Online.

New Vision Online reserves the right to moderate, publish or delete a post without warning or consultation with the author.Find out why we moderate comments. For any questions please contact digital@newvision.co.ug

  • mail
  • img
blog comments powered by Disqus
Also In This Section
Googling yourself hurts, says Miley Cyrus
Pop diva Miley Cyrus has opened up to Australian television about her life, saying Googling yourself is bad for your brain and Elvis was a "twerker"....
Apple, FBI investigate massive celebrity photo
The FBI and Apple were urgently investigating Monday after an apparent massive hack of a cloud data service unleashed a torrent of intimate pictures of dozens of celebrities across the Internet....
South Korea
South Korea's Samsung and LG unveiled new smartwatches Thursday with upgraded functions and design as they step up their drive to lead an increasingly competitive market for wearable devices....
Iran
Tehran will "accelerate" arming Palestinians in retaliation for Israel deploying a spy drone over Iran, which was shot down, a military commander said...
WhatsApp reaches 600 million active users
THAT'S up from the roughly 450 million it had in February when Facebook first announced plans to acquire the messaging service for $16 billion with another $3 billion in restricted stock...
Youtube to charge for music videos?
YOUTUBE will begin charging subscriptions for viewers to watch official music videos on their site with no ads. This will follow streaming services subscription plans like Spotify, Pandora (P) and Rhapsody...
Do you think banning the sale of single cigarette sticks will help regulate tobacco production?
yes
No
Can't Say
follow us
subscribe to our news letter