October 20, 2016
Mobile threats are on the rise thanks to viral apps like Pokémon GO, according to a new security report.
Online security expert Proofpoint, in a recently released report, discovered that popular apps such as Pokémon GO inspire hackers to create malicious side-loaded clone apps and dangerous add-ons in a bid to gain access to users’ devices and nab their private information. In the case of Pokémon GO, for instance, the app was downloaded on nearly five percent of mobile devices on corporate networks, making it a target of interest to hackers.
“Like many popular games, Pokémon GO has spawned numerous game guides, cheats, and add-ons. Many of them are risky or malicious, potentially exposing networked resources to attackers,” Proofpoint said. “We have identified at least three malicious versions of Pokémon GO this quarter along with numerous malicious companion apps. Even among legitimate installations, four percent of devices accessing corporate networks were an early version of the game that granted excessive permissions.”
Pokémon GO, which was released in July, was a hit worldwide and, because of its staggered global release, the high demand led users who did not want to wait for it to appear in legitimate app stores to sideload the app through third parties and direct downloads.
“Within three days of Pokémon GO’s release in Australia and New Zealand, we identified a cloned version of the Android app in a malware repository. The counterfeit copy included DroidJack, a remote access Trojan capable of taking over the device, and modified app permissions indicated in Figure 7,” Proofpoint said. “Though not observed in the wild, this version of Pokémon GO showed just how easily attackers could modify a popular app and distribute a malicious version to users.”
Another major target for hackers were apps related to the Rio Olympic Games. Proofpoint discovered more than 4,000 Android apps and more than 500 iOS apps related to the Olympics that demonstrated unsafe or malicious behaviors.
The report also discovered the average mobile device —both Android and iOS — has as many as 10 to 20 exploitable zero-day vulnerabilities.
“In August, we found that the so-called ‘Pegasus mobile device attack kit’ was available in both the criminal underground and the research community. This kit can be used to attack any device that is running any iOS version between iOS 7 and iOS 9.3.5,” Proofpoint said. “Although the malware originally surfaced as a result of a high-profile attack on a political dissident in the United Arab Emirates, it can be used against any person or enterprise with a vulnerable device.”
Pegasus is usually delivered to unsuspecting mobile users through a URL “with a convincing lure.” The link can be distributed via SMS, e-mail, social media, malicious search results and other apps. Once it is installed, Pegasus roots the phone and gains unencrypted access to a variety of apps and communication on the phone without the phone owner’s knowledge. Apple’s update to iOS addresses the issue, but only if iPhone owners stay on top of updates.
Other key insights discovered by Proofpoint include:
- Negative and damaging content including spam, adult language, and pornography increased by more than 50 percent over the second quarter.
- Social phishing has also doubled since the second quarter with credential and financial phishing being the biggest threats. “Fraudulent accounts —used for a type of attack we call angler phishing—led the way,” Proofpoint said.
To read the full Proofpoint Q3 Threat Summary, click here.