24,000 Malicious Mobile Apps Are Blocked Every Day. What Are the Risks of Using One?

malicious mobile apps

Did you know that information stealing mobile apps exist? Did you know that hundreds and thousands of malicious apps are blocked every day? Yes, apps that are meant to assist you and offer you great services can be dangerous too, and, unfortunately, Google Play, Apple's App Store, and other reputable app sources can promote them. According to a report published by Symantec, averagely 24,000 malicious mobile apps were blocked every day in 2017 on Google Play. This showed an increase of 54% when compared to the statistics of 2016. The report concluded that the biggest issue that led to such socking numbers was users' inability to update their operating systems.

Without a doubt, outdated and unsupported systems are more susceptible to malware, but even if you are using the latest version of your mobile OS, you could be at risk. If you download malicious apps, your mobile number could be leaked – according to Symantec, 63% of all malicious apps can do that – as well as lead to many other security issues. If you want to learn more about information stealing mobile apps and identity theft, and you want to learn how to recognize malicious apps and protect your device against them, you should continue reading.

How to spot malicious apps to avoid identity theft

If you own a phone, tablet, smartwatch, or any other kind of device that allows you to download apps, you need to learn how to evaluate them, so that you can spot malicious apps and, potentially, evade identity theft and other issues that come along with them. In some cases, recognizing malicious apps can be very easy, but malware creators are learning from their mistakes with every malicious app they release, and that, unfortunately, means that they are becoming better and better at disguising real threats. If you want to evade such apps, you need to be looking at a few specific things.

  • Download from reputable sources ONLY. As mentioned before, malicious apps can be spread using legitimate app stores, such as Google Play. Although most of these apps do not reach users because they are blocked before they are approved by the app store, some of them manage to slip through the cracks. In June 2018, the payload of Anubis malware capable of stealing login data of banking apps was concealed using apps that appeared to offer legitimate services. According to researchers, 10,000 people downloaded malware without knowing about it. While you need to be careful regardless of the source you download apps from, your chances of encountering malicious apps definitely increase if you use unreliable app stores.
  • Reject apps that demand ridiculous permissions. It makes sense if an application that is meant to give you directions (e.g., Google Maps) asks to track your location. On the other hand, if the app does not need your location for any apparent reason, there also is no reason why you should grant this permission. Permissions are introduced to you when you download apps, and you must evaluate them carefully. You have to be particularly careful about apps that request access to your messages, phone calls, payment-related data, access to other apps, etc. If you are suspicious about anything, it is best to reject the app and find a better alternative. After all, you do not want to experience identity theft for some app that, allegedly, can offer you benefits, do you?
  • Be careful about shady apps. When you install new apps, you need to look not only at permissions but also the developer and app's description. It is worth it to take your time to quickly look up the developer to see what you can find. If you do not find any information at all, that is a red flag. If the developer's website offers vague information, you've got another red flag. If you discover that you can contact the developer using a free email service (e.g., Gmail), you need to run and never look back. And what if there are no contact details at all? Game over. When it comes to the description of the app, look for poor grammar and too-good-to-be-true promises.
  • Remember that reviews and ratings can be forged. Have you found an app that does not need strange permissions and whose developer appears to be legit? What about the ratings and reviews? Obviously, if you stumble upon a fresh new app (look at the release date to find out), you shouldn't see a ton of reviews or ratings. If the ratio between downloads and ratings or reviews does not make sense, you need to be cautious. Also, reviews and ratings can be forged, and so if you think you can automatically trust an app that was downloaded thousands of times and has a bunch of 5* ratings, you need to think again.

What happens if you download information stealing mobile apps?

If you end up installing malicious apps, you could become a victim of identity theft, as your passwords, usernames, and other login credentials could be stolen as you type them in. Personal information stealing mobile apps do the dirty deed silently, and so you are not supposed to realize when a malicious app is, for example, recording the login data to a banking app. The aforementioned Anubis malware used a very clever camouflage to obtain such data. The malware would appear as Google Play Protect, and ask the user to agree with the app's ability to observe user's actions and retrieve window content. If the user was tricked into allowing this, Anubis could successfully record personal data using a keylogger function. This allowed the infection to steal sensitive data, perform identity theft, and set up illegal transactions.

In August 2018, 145 malicious apps potentially capable of identity theft were removed from Google Play too. These malicious apps were specifically targeting Windows OS phones. Of course, identity theft and data theft is not all that malicious apps are created for. They could also download malware, spy on users by recording phone calls, text messages, or even using the phone's camera, send messages to premium-rate numbers, record location, and even use the phone to spread malware to contacts via text, chat apps, or social apps. Needless to say, the stakes are high here to ensure that malware does not invade and is removed in time. Here are some red flags that might suggest the existence of malicious apps.

  • Your device's battery drains quicker than usual.
  • Your device suddenly starts lagging, freezing, crashing, or rebooting.
  • You find unfamiliar apps on your device.
  • You discover random ads pop up on the screen.
  • Your mobile data increases or, if a limit exists, is used up quicker.
  • Your phone's bill increases due to unauthorized texts sent to premium-rate numbers.
  • Your browser opens strange websites (for example, app download sites).
  • You discover security apps disabled or removed.

What now!?

If you suspect that a malicious app was downloaded onto your computer, you need to act fast because someone might be trying to perform identity theft and lead to other security-related issues. First and foremost, install a legitimate security app to have your device inspected thoroughly. If threats are detected, they must be deleted immediately. Needless to say, all unfamiliar and suspicious apps must be deleted too. Next, install all available updates because those might include important security patches. If your system is due for an OS upgrade, install it immediately. There's no time to waste! If all fails, take your device to a professional who will know what to do. Hopefully, in the future, you will remember the tips and advice in this report, and you will be able to avoid identity theft and other issues caused by malicious apps.

November 6, 2018