Leaky Apps, Sneaky Trojans, Ads by, and Other Mobile Threats
The mobile landscape is a surprisingly threatening place, so it’s not a surprise to see several new threats land in the field on a variety of different fronts, especially in terms of mobile malware. While some threats are proving to be greater than others, some of the threats are coming from directions that some may have never expected, and mobile security is proving an all too necessary tool in the face of this threat.
The good news, to kick things off on a high note, comes from an NQ Mobile (News – Alert) report, which indicates that mobile malware ads by seems to be on the decline, with 63 percent less mobile malware striking in the second quarter of 2013 as compared to the first quarter. Good news by any stretch, but the issue of mobile malware does still remain.
But despite the slowdown, it’s still recommended that mobile device users have a mobile security app in place, and keep an eye out on the news regularly for unexpected sources of potential security violation. There are, surprisingly, many to be concerned about; for instance, a new Android trojan making the rounds in the form of the “System” app—also known as Android / Obad.A in F-Secure (News –Alert)—an app that can both emerge from third-party app stores and browsing certain malicious websites. It’s not widespread, according to reports, but it’s both “very complex and professionally built.” The app keeps itself hidden via a vulnerability in Android (News – Alert), and allows backdoor access to the device itself to do things like text to premium SMS numbers, install further malware, and collect information like the IMEI number and the contacts list.
Image via Shutterstock
Cambridge American Idiom also brought in some trouble, both reading contact names and e-mail addresses, and sharing data with a third-party company known as AppLovin, and also displays ads in the notification bar. The app—a dictionary service—was recently pulled but can still be found in several marketplaces. Two separate Logo Quiz games also leak, with “Logo Quiz Car Choices” found to leak e-mail addresses and “Logo Quiz NFL NHL MLB (News – Alert) NBA MLS” leaking device ID. Finally, there’s Button Football, a soccer game from Royal Apps that leaks the user’s phone number, and reports that the app will spam users with alerts, requests to sign out of some services, and icons for other websites appearing, among other behavior described as “spammy.”
Mobile security is a very important part of most users’ everyday lives. Putting out the proper protections will go a long way toward keeping systems safe, and the information on same well-protected. Admittedly, some things seem innocuous enough—likely no one who installed Button Football thought it would be leaking the device’s phone number—but vigilance is still called for. Mobile malware may be on the decline overall based on some reports, but keeping an app scanner in play is likely to prove sound advice for some time to come.