Researcher Lukas Stefanko has just warned (via Twitter) about malware embedded in fake apps available on Google Play, noting that 13 apps have been installed more than 560,000 times. A OneSpan mobile cybersecurity expert offers perspective on the goals of the attackers and how brands can prevent their apps from being repackaged by criminals.
Will LaSala, Director of Security Solutions, Security Evangelist at OneSpan:
“Application repackaging has been on the rise for a while now. Earlier this year it was reported that applications were being hijacked to install cryptocurrency miners. We saw a decline in these attacks when governments started to address the cryptocurrency conversion process and made it harder for anonymous people to cash out. However, these repackage attacks did not stop, instead they got more sophisticated and refocused on other valuable data that can be converted to money just as quickly. New repackaging attacks make common or simple apps into nefarious payload delivery applications. This allows hackers to get other malware onto victims phones without their knowledge and often by combining screen overlay attacks to help trick users into installing these newly downloaded malware payloads. These malware apps focus on harvesting credentials and injecting libraries that can cause applications to deliver sensitive information directly into the hands of the hacker.
“If your application becomes the target of one of these repackaging attacks, it will affect your brand’s reputation and may cause users to turn to competitors. Besides root and jailbreak detection, applications on iOS and Android should protect themselves with application shielding technology that detects and actively prevents repackaging. This is an advanced attack and not every solution out there can address them without major re-architecting. As an app developer and publisher, it’s important to look for app shielding technology that makes it easy to incorporate advanced mobile app security into an app without much development effort.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.