More than half a million Google Android users have downloaded malware-ridden apps from the Google Play store. Of the 13 apps, which posed as driving simulation games, two were trending on the store, giving them greater visibility.
In response to this news, please find a comment below from OneSpan.
Will LaSala, Director of Security Solutions, Security Evangelist at OneSpan:
Application repackaging has been on the rise for a while now. Earlier this year it was reported that applications were being hijacked to install cryptocurrency miners. We saw a decline in these attacks when governments started to address the cryptocurrency conversion process and made it harder for anonymous people to cash out. However, these repackage attacks did not stop, instead they got more sophisticated and refocused on other valuable data that can be converted to money just as quickly. New repackaging attacks make common or simple apps into nefarious payload delivery applications. This allows hackers to get other malware onto victims phones without their knowledge and often by combining screen overlay attacks to help trick users into installing these newly downloaded malware payloads. These malware apps focus on harvesting credentials and injecting libraries that can cause applications to deliver sensitive information directly into the hands of the hacker.
If your application becomes the target of one of these repackaging attacks, it will affect your brand’s reputation and may cause users to turn to competitors. Besides root and jailbreak detection, applications on iOS and Android should protect themselves with application shielding technology that detects and actively prevents repackaging. This is an advanced attack and not every solution out there can address them without major re-architecting. As an app developer and publisher, it’s important to look for app shielding technology that makes it easy to incorporate advanced mobile app security into an app without much development effort.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.