Researchers this week identified 35 applications representing more than 2 million downloads that have snuck into the Google Play Store — apps that hide their presence on a device by renaming themselves and changing their icon, then start serving aggressive ads.
In a Wednesday blog post, Bitdefender researchers explained that one of the ways cybercriminals monetize their presence on Google Play is by serving ads to their victims.
The researchers said while this sounds fine at first, the danger here is that the ads served to victims are disrupting the user experience and can link directly to malware.
Third-party code buried in mobile apps has become a rising cybersecurity risk, both for consumers and organizations, said Chris Olson, chief executive officer at The Media Trust. Olson said while the apps named in Bitdefender's study were clearly created with malicious intent, more legitimate apps are not free from danger, either. He said today, the average mobile app contains up to 30 third-party APIs that malicious actors can use to distribute phishing links, track user activity across the web, and steal location/device data.
“With the help of location-based targeting and audience segmentation, cyber actors can zero-in on members of specific organizations and use their mobile device as a launch pad for further penetration and reconnaissance,” Olson said. “Ultimately, organizations need to be more aware of their digital perimeter and the dangers inherent to the apps and web platforms they use every day.”
John Bambenek, principal threat hunter at Netenrich, added that as consumers move more of their digital lives and sensitive information onto their mobile devices, criminals will keep targeting platforms such as Google Play.
“The easiest way on is malicious apps which means trying to trick the app store and its automated detection system,” Bambenek said. “In an ecosystem designed to be open, it becomes a rat race much like we have in staying ahead of endpoint malware.”