Some Apps Come Loaded With Malware

Uploaded on 2022-05-13 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

The British government conducted a review into the app store ecosystem from December 2020 to March 2022 which found that malicious and poorly developed apps continue to be accessible to users - clear evidence that some developers are not following best practice when creating apps. 

Now, a new UK Report by the National Cyber Security Centre (NCSC) has warned of the threats posed by malicious apps and is asking the IT sector to address the security problems in app stores used by millions of customers.

“Over the last decade there has been an enormous increase in the availability and use of smartphones and smart devices... Many of these devices feature application stores 'app stores', which allow users to download additional applications and content. The vast majority of users, particularly on mobile platforms, download apps via these app stores,” says the NCSC  Report.

All app stores share a common threat profile with malware contained within apps the most prevalent risk. Additionally, prominent app store operators are not adequately signposting app requirements to developers and providing detailed feedback if an app or update is rejected.

While most people will be familiar with apps downloaded on to smartphones, devices from smart TVs to smart speakers now also have them. The UK Government is discussing new guidelines on security and privacy for apps and app stores. 

  • The British government survey found that Android phone users downloaded apps which contained the Triada and Escobar malware from various third-party app stores. "This resulted in cyber-criminals remotely taking control of people's phones and stealing their data and money by signing them up for premium subscription services," it said. 
  • The NCSC's report noted that apps "can also be installed on laptops, computers, games consoles, wearable devices (such as smartwatches or fitness trackers), smart TVs, smart speakers (such as Alexa devices), and IoT (Internet of Things) devices".

The NCSC report an example of a security company demonstrating how it can build a threatening app for a popular tracker from a fitness firm, that could be downloaded from a link using the company's web address to seem legitimate. The app contained "spyware/stalkerware capable of stealing everything from location and personal body data".

The NCSC report noted that the appetite for apps had grown during the pandemic, with the UK app market  worth £18.6bn ($23.2bn).

The NCSC reinforces the government proposals to ask app stores to commit to a new code of practice setting out minimum security and privacy requirements. "Developers and store operators making apps available to UK users would be covered. This includes Apple, Google, Amazon, Huawei, Microsoft and Samsung," the government said. 

A proposed code of practice would require stores to set up processes so that security flaws can be found and fixed more quickly. App stores for smartphones, games consoles, TVs and other smart devices could be required comply with a new code of practice setting out baseline security and privacy requirements. 

They would need to share more security and privacy information in an accessible way, including why an app needs access to a user’s contacts and location. 

NCSC:      Gov.UK:         BBC:       Silicon:      Computer Weekly:   

You Might Also Read: 

Mobile Cyber Attacks: The Different Facets Of Smartphone Malware:

 

« The Cyber Security Investment Boom Continues
Wanted: Access To Social Media Data »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Evok

Evok

EVOK is an IT Service provider specialized in installing, maintaining and supporting IT infrastructures for SMB's in Switzerland.

NetLib Security

NetLib Security

NetLib Security’s powerful, patented data security platform helps companies control data loss prevention (DLP) by managing what data can be transferred outside of their network.

Malomatia

Malomatia

Malomatia is a leading provider of technology services and solutions in Qatar including information security.

AlAnsari Technical Solutions (ATS)

AlAnsari Technical Solutions (ATS)

ATS is a Kuwait based company specialised in delivering hardware/software, Virtualisation, IP Telephony / Unified Communication, Networking and professional IT services and solutions.

Cybercrime Support Network (CSN)

Cybercrime Support Network (CSN)

CSN is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime.

Buglab

Buglab

The Buglab contest and Vigilante Protocol help companies all over the world to discover and fix vulnerabilities on their digital solutions or assets.

Thrive

Thrive

Thrive delivers the experience, resources, and expertise needed to create a comprehensive cyber security plan that covers your vital data, SaaS applications, end users, and critical infrastructure.

Razorpoint Cybersecurity

Razorpoint Cybersecurity

Razorpoint’s world-class security experts have provided advanced, effective cybersecurity expertise to corporate and public-sector organizations around the world.

Dashlane

Dashlane

Dashlane puts all your passwords, payments, and personal info in one place that only you control. So you can use them instantly. Securely. Exactly when you need them.

LogicalTrust

LogicalTrust

LogicalTrust security testing specialists find the weakest points in your company and show you how to fix them step-by-step, as well as how to improve your security.

HolistiCyber

HolistiCyber

HolistiCyber provide state-of-the art consulting, services, and solutions to help proactively and holistically defend against a new era of constantly evolving cyber threats.

ThreatLocker

ThreatLocker

The ThreatLocker Platform provides a Zero Trust security solution that offers a unified approach to protecting users, devices, and networks against the exploitation of zero day vulnerabilities.

Nitel

Nitel

Nitel is a leading next-generation technology services provider. We simplify the complex technology challenges of today’s enterprises to create seamless and integrated managed network solutions.

Open Web Application Security Project (OWASP)

Open Web Application Security Project (OWASP)

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software.

Secure Halo

Secure Halo

Secure Halo has been protecting the intellectual assets and sensitive information of the federal government and private sector for 20+ years, through our proactive approach to risk and cybersecurity.

Diversified Technical Services Inc. (DTSI)

Diversified Technical Services Inc. (DTSI)

DTSI provides a wide range of technology solutions for Federal Agencies, the Department of Defense, and commerical organizations with capabilities including Cyber Security and DevSecOps.

Hughes Network Systems

Hughes Network Systems

Hughes are industry leaders in networking technologies and services, innovating constantly to deliver the global solutions that power a connected future for people, enterprises and things everywhere.

VPNBlade

VPNBlade

VPNBlade is your go-to resource for expert reviews and advice on VPN services.