Although they’ve been most closely associated with email, phishing scams have long had a home on other platforms. Hackers have taken to social media websites, blogs and other internet outlets to lure in victims. Now, related cyberattacks targeting personal information are increasingly coming from yet another source: mobile app stores.
An RSA report says mobile app-based fraud attacks have surged in recent months. Incidents of such attacks have jumped by nearly 300% in just three months, from 10,390 in the fourth quarter of 2018 to 41,313 in the first quarter of this year. And mobile app attacks now make up half of all cyber fraud incidents that RSA has reported. By way of comparison, common phishing attacks now account for 29% of cyber fraud – up by less than one percentage point from Q4 2018 to Q1 2019.
Creators of fraudulent apps have been motivated by the popularity of mobile applications. These cybercriminals launch seemingly legitimate apps that serve as a container for malware, which steals personal data or subscribes users to unwanted paid services. In January, Trend Micro reported on a handful of applications, all hosted on the Google Play Store, that install spyware capable of pulling data from a target device’s call logs, SMS messages, and clipboard. The data is sent to a cloud-based server that registers the device and enables hackers to issue additional commands to the compromised device.
The scope of the problem is vast; Google had to pull some 700,000 malicious apps from the Play Store in 2017 alone. A popular app for Mac also had to be taken down from Apple’s Mac App Store after it was proven to be sending data to a Chinese organization.
As mobile app attacks continue to rise in prevalence, consumers should proceed with caution before loading up their devices. Installing only from official app stores is an important first step. But even then, users should make sure their apps are coming from reputable publishers, rather than relying on the distribution platform to verify legitimacy.
Organizations with bring-your-own-device (BYOD) and mobile access programs also need to ensure that their information is protected from applications that could compromise an employee’s device. Such programs should always be structured and configured with security at the forefront.
Lunarline is an industry leader in mobile security. We can help any organization leverage a mobile strategy that keeps their sensitive data, and their employees, protected. For more information on the services we provide, contact us today.