Palo Alto Networks has uncovered a threat in which hackers are building their own ad networks to fool developers into embedding the networks' code in their apps. This is unintentionally opening a backdoor through which malware is being distributed.
According to Bloomberg, although the usual advice has been to avoid downloading "dodgy" apps to prevent infection, now even legitimate apps are a threat.
However, where usually the malware is triggered by the user downloading something suspect, in this case it is triggered by the app developer including the ad network's code in its app.
The majority of mobile app developers embed advertising frameworks into their apps to monetise them. Ads displayed in mobile apps are served by the code that is part of those apps, which means the ads will be tracked, and the developers paid.
Unfortunately, this third-party code is also a backdoor into a device, and developers would be unknowingly opening a door for malware to slip through the cracks in addition to legitimate ads.
Once the device is infected, the malware can intercept and hide received text messages. It can also send text messages in order to sign up users for premium-rate mobile services.
This is not the first threat of this nature. In April, Techworld reported that a botnet had circumvented the app vetting settings of the Google Play store, posing a huge danger to many Android users.
At the time, Lookout Mobile Security said in its blog that it discovered BadNews, a family of malware it found in 32 apps across four different developer accounts in Google Play. It said together, the infected apps were downloaded between two million and nine million times. Google removed the offending apps and suspended the associated developer accounts.
Pay close attention
According to David Emm, senior security researcher at Kaspersky Lab, the idea that mobile malware doesn't rely on people visiting disreputable sites is not new. "We've been seeing malware in legitimate app stores, including Google Play, for some time now. That said, getting apps from legitimate sources is definitely a way of reducing the risk of infection."
Moreover, he advises users to pay close attention to what an app asks to do. "For example, if you've downloaded a word game app, and it asks for permission to access your contacts or the messaging system, it should raise alarm bells - why would it need this? Or maybe a metric converter that asks for Internet access."
Unfortunately, Emm says many people don't pay close attention to the "small print" when installing apps, but checking that the requested permissions match the advertised functionality of the app is of great importance.
Share