This past February, the mobile game Flappy Bird was pulled from the market for being too addicting. But the game was simply too popular to die so easily and as a result, developers acted quickly and it wasn’t long before clones started surfacing on the app store. Unfortunately, recent reports have shown that over two thirds of all sampled Flappy Bird clones have some sort of nefarious intent – whether malware or “risky behaviors.”
The behaviors found on these clones enable cyber criminals to remotely control a user’s phone. After the hijacker has gained control, the malicious activity can include: placing unwanted phone calls, stealing contact list data, tracking location via GPS and in some cases sending out SMS / text messages.
Those behaviors are especially frightening for large enterprises, with thousands of employees who may be unwittingly downloading cloned apps that either deliver malware, or often more commonly, exhibit other behaviors that compromise privacy and security.
In related news, Selfmite, a newly identified strain of Android malware has the capability to control a user’s phone beginning with an SMS / text message. Selfmite spreads by sending text messages to an infected phone’s address book. These messages appear from an unknown source and contain a URL that redirects to the malware. Once that link is clicked, the user is invited to install a file disguised as an icon. Once launched, the cycle begins again and sends the next round of text messages to 20 more contacts.
The upward trend in cybercrime is significant as the number of mobile malware samples has grown 167 percent in the past year. Also, as seen with Selfmite, cybercriminals are broadening their attack methods to fool mobile users.
Enterprises are advised to create a safe and secure mobile workforce with comprehensive App Risk Management and enforceable policy functionalities.
Finally, we wanted to extend our thanks to Gartner for hosting last week’s Security & Risk Management Summit. We were glad to see so many organizations interested in mobile app security and how they could enable employee productivity without compromising security and privacy.
Thoughts or comments on this week’s news? Reach the Appthority team on Twitter at @Appthority.