Cybercriminals are back again reinventing their bag of tricks. Security experts say that they have now gone a step further this time, creating a whole new, fake app store that looks just like the legitimate ones.

“Last year they infected legitimate apps with malware, hosted them on the app marketplace for smartphone users to download. Now, they are creating a new fake app store filled with real-looking malicious applications,” said Mr Shantanu Ghosh, Vice-President (India Product Operations) and Managing Director of Symantec.

Mimicking an app for profit is bad enough, but replicating an entire app store?

“This just goes to show the sophistication and extent to which cybercriminals are ready to go, for a few bucks. In fact, their monetisation techniques have become smarter and more profitable. Unless the user observes the URL, he/she may not be able to differentiate the real from the fake site,” says Mr Ghosh.

“Once the Trojan from the fake app store is installed in the smartphone, it uses a technique called server-side polymorphism whereby a unique version of a file is created every time a file is downloaded and this helps evade traditional signature-based detection.

The sites hosting Opfake include either links or buttons that can be used to download the malicious packages that are purporting to be free versions of popular Android software.”
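Why a whole-file signature misses a per-download variant while a check on unchanged content still matches, as an added example that is not from the article or from Symantec. It assumes constructed zip packages (the container format Android packages use) whose variants differ only in a filler entry; `build_package`, `detect` and the entry paths are hypothetical names.

```python
import hashlib
import io
import zipfile

CODE_BODY = b"constructed-sample-code-body"  # constructed stand-in for the shared code


def build_package(filler: bytes, code: bytes = CODE_BODY) -> bytes:
    """Build a constructed sample package: one code entry plus a filler entry.

    Assumption: the server changes only the filler on each download."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", code)
        z.writestr("res/raw/data.bin", filler)
    return buf.getvalue()


def file_hash(blob: bytes) -> str:
    """Traditional signature: SHA-256 over the whole downloaded file."""
    return hashlib.sha256(blob).hexdigest()


def entry_hashes(blob: bytes) -> set[str]:
    """SHA-256 of each archive entry's uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        return {hashlib.sha256(z.read(name)).hexdigest() for name in z.namelist()}


def detect(blob: bytes, bad_files: set[str], bad_entries: set[str]) -> dict:
    """Compare whole-file matching with per-entry matching for one package."""
    return {
        "file_hash_hit": file_hash(blob) in bad_files,
        "entry_hit": bool(entry_hashes(blob) & bad_entries),
    }


def demo() -> dict:
    first = build_package(b"A" * 16)   # sample an analyst has already seen
    second = build_package(b"B" * 16)  # next download: same code, new filler
    benign = build_package(b"C" * 16, code=b"constructed-benign-code")
    bad_files = {file_hash(first)}
    bad_entries = {hashlib.sha256(CODE_BODY).hexdigest()}
    return {name: detect(blob, bad_files, bad_entries)
            for name, blob in [("first", first), ("second", second), ("benign", benign)]}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Per-entry matching only holds while some entry stays byte-identical across downloads; if the server also alters the code entry, detection has to key on attributes that survive that change.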

Most of the attacks that we have observed on the mobile platform till date have been Trojanised versions of Android apps.

The latest development, however, is the creation of not just a malicious app, but an entire ecosystem around mobile malware, adds Mr Ghosh.

While cautioning users, Mr Ghosh recommends, among other precautions: implementing a mobile management solution to ensure that all devices connected to the network are policy compliant and free of malware; using app stores hosted by legitimate vendors for downloading and installing apps, and double-checking the URL; and having a mobile security solution to ensure that downloaded apps are not malicious.
