RiskIQ Q3 Report: Mobile Malware Spikes, Reaffirms 2017 as a Botnet Year
In Q3 2017, the volume of malicious apps for mobile platforms continued to assault the market, low-lighted by brand imitation and trojan apps in official vendor stores and the WireX botnet attacks, according to RiskIQ’s latest report.
The security intelligence firm’s Q3 analysis covers all major app stores, some 150 lesser-known outlets, including high-risk stores, and extends to so-called “feral apps,” typically found in what it called “drive-by downloads,” and to some degree in Google’s Play store. On the latter, the study pointed out that Google’s percentage of malicious apps fell to four percent from a high of eight percent in the prior quarter.
Here’s RiskIQ’s assessment of the mobile malware playing field in Q3:
While Apple’s App Store and Google Play dominate the market, RiskIQ noted two other outlets for the number of fraudulent, malevolent apps they hosted. For example, in Q1 ApkFiles hosted 25,545 malicious apps, a figure that slipped in Q2 but regained footing in Q3. However, in Q3 the AndroidAPKDescargar store emerged and more than doubled its number of malicious apps to 20,907, while its percentage of malicious apps remained in the 30th percentile. Similarly, the 9Game.com app store showed 97 percent of its 6,052 apps as malicious.
So far this year, AndroidAPKDescargar hosts the highest number of malicious apps, followed by ApkFiles, feral apps, and Google Play in the top four, all of which have similar numbers.
Here are RiskIQ’s user recommendations and conclusions:
Be wary of app reviews. “Rave reviews can be forged, and a high amount of downloads can simply indicate a threat actor was successful in fooling a lot of victims. Before downloading an app, be sure to take a look at the developer—if it’s not a brand you recognize or has a strange appearance or spelling, think twice.” One giveaway is poor grammar in the description.
Be alert. “The proliferation of malicious apps in both official and suspect stores alike threatens both individuals through the theft of personal and financial information and the free flow of internet communication through the use of mobile botnets that disrupt communication through DDoS attacks.”
Vendor collaboration works. The combined security forces of RiskIQ, Akamai, Cloudflare, Flashpoint, Google, Oracle Dyn, Team Cymru, and others together were able to identify WireX and push it back. “Extraordinary collaboration among security professionals from several disparate companies was able to hamstring the WireX botnet before it could launch more devastating attacks.” (It hit some 70,000 user devices worldwide with DDoS attacks and subsequently assaulted several content delivery networks.)
Expect more mobile botnets spread by malicious Android apps to hit mobile devices. The WireX “botnet is not dead, and researchers are still encountering examples of its malicious apps in the wild.”
2017 is the year of the botnet. “Malicious apps continue to be prevalent both outside of and within official app stores, and there has not been a material reduction over time in the number of malicious apps entering the largest official Android app store.”
Be safe: Until users can fully trust the source of downloaded apps, “people will continue to install things like WhatsApp imitators that turn their phones into attack platforms targeting any network at which the command and control server points them. Or, they’ll readily provide credentials or other valuable information to their flashlight app that is listening for banking activity, or any number of the long list of terrible things that are possible when wielding the power of the modern smartphone for evil.”