We’ve all been warned: DO NOT DOWNLOAD APPS FROM UNOFFICIAL APP STORES. The experts said that this is the best way to prevent malicious apps from getting onto your device and wreaking havoc by remotely controlling your phone, getting personal information, or even subscribing you to paid services without your knowledge.
But what if the threat is now present in legit apps found in legitimate app stores?
Palo Alto Networks discovered a new way hackers are gaining access to people’s mobile devices. Before, the apps themselves were laced with malware. Now, the malware gets into the app via a malicious ad network. The threat was discovered to be coming from China and other Asian countries.
App developers don’t become instant millionaires when they create and publish their apps. Oftentimes, in order to make their apps free, they have to rely on ads to monetize. To do that, developers need to embed an ad network’s code in their app, which is why we get annoying ads when we play games on our mobile devices. Now, hackers have found a way to use this method to their advantage. They have built their own ad network and trick developers into installing it in their apps. From there, it creates a door that lets malware get pushed alongside legit ads.
“This is where things get extremely interesting,” Wade Williamson, a senior security analyst at Palo Alto, said in an interview. “The issue is that for pretty much anybody who builds a mobile application, they don’t make much money from the application, so they have to build in these hooks to the mobile ad networks. What happens is those ad networks are more or less behaving like crude botnets.”
Palo Alto found more than half a dozen samples that targeted Android devices. The malware enabled hackers to send text messages from infected phones to pay services, a scam known as “toll fraud,” and also paved the way for these cybercriminals to steal personal information.
This isn’t the first time ad networks were used by hackers to get a hold of people’s information and money.
In April, Lookout discovered BadNews, a family of malware that disguises itself as an aggressive advertising network. This allowed the apps to bypass Google’s security, because the malware is pushed at a later date.
According to Lookout, BadNews can send fake news messages, prompt users to install applications, and send sensitive information such as the phone number and device ID to its Command and Control (C&C) server. It displays the fake news messages in order to push out other types of monetization malware and promote affiliated apps.
What do we do now?
With the threat already in ads, are mobile users left vulnerable to attacks?
Though developers need to be very careful when installing ad networks in their apps, users can still protect themselves. Make sure that the Android system setting ‘Unknown sources’ is unchecked to prevent dropped or drive-by-download app installs, and install a security app like Lookout as a first line of defense against malware.