Some Apps Come Loaded With Malware

Uploaded on 2022-05-13 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

The British government conducted a review into the app store ecosystem from December 2020 to March 2022 which found that malicious and poorly developed apps continue to be accessible to users - clear evidence that some developers are not following best practice when creating apps. 

Now, a new UK Report by the National Cyber Security Centre (NCSC) has warned of the threats posed by malicious apps and is asking the IT sector to address the security problems in app stores used by millions of customers.

“Over the last decade there has been an enormous increase in the availability and use of smartphones and smart devices... Many of these devices feature application stores 'app stores', which allow users to download additional applications and content. The vast majority of users, particularly on mobile platforms, download apps via these app stores,” says the NCSC  Report.

All app stores share a common threat profile with malware contained within apps the most prevalent risk. Additionally, prominent app store operators are not adequately signposting app requirements to developers and providing detailed feedback if an app or update is rejected.

While most people will be familiar with apps downloaded on to smartphones, devices from smart TVs to smart speakers now also have them. The UK Government is discussing new guidelines on security and privacy for apps and app stores. 

  • The British government survey found that Android phone users downloaded apps which contained the Triada and Escobar malware from various third-party app stores. "This resulted in cyber-criminals remotely taking control of people's phones and stealing their data and money by signing them up for premium subscription services," it said. 
  • The NCSC's report noted that apps "can also be installed on laptops, computers, games consoles, wearable devices (such as smartwatches or fitness trackers), smart TVs, smart speakers (such as Alexa devices), and IoT (Internet of Things) devices".

The NCSC report an example of a security company demonstrating how it can build a threatening app for a popular tracker from a fitness firm, that could be downloaded from a link using the company's web address to seem legitimate. The app contained "spyware/stalkerware capable of stealing everything from location and personal body data".

The NCSC report noted that the appetite for apps had grown during the pandemic, with the UK app market  worth £18.6bn ($23.2bn).

The NCSC reinforces the government proposals to ask app stores to commit to a new code of practice setting out minimum security and privacy requirements. "Developers and store operators making apps available to UK users would be covered. This includes Apple, Google, Amazon, Huawei, Microsoft and Samsung," the government said. 

A proposed code of practice would require stores to set up processes so that security flaws can be found and fixed more quickly. App stores for smartphones, games consoles, TVs and other smart devices could be required comply with a new code of practice setting out baseline security and privacy requirements. 

They would need to share more security and privacy information in an accessible way, including why an app needs access to a user’s contacts and location. 

NCSC:      Gov.UK:         BBC:       Silicon:      Computer Weekly:   

You Might Also Read: 

Mobile Cyber Attacks: The Different Facets Of Smartphone Malware:

 

« The Cyber Security Investment Boom Continues
Wanted: Access To Social Media Data »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

HackRead

HackRead

HackRead is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends.

Cifas

Cifas

Cifas are leaders in fraud prevention, working closely with UK law enforcement partners.

ESNC

ESNC

ESNC’s vulnerability management and real-time SAP security monitoring solutions help largest corporations in the world to effectively prioritize SAP security tasks and secure their business.

Oznet Cyber Security

Oznet Cyber Security

Oznet Cyber Security is dedicated to offering integral solutions oriented to the support and security of information.

National Accreditation Agency of Ukraine (NAAU)

National Accreditation Agency of Ukraine (NAAU)

NAAU is the national accreditation body for Ukraine. The directory of members provides details of organisations offering certification services for ISO 27001.

Women in CyberSecurity (WiCyS)

Women in CyberSecurity (WiCyS)

Women in CyberSecurity (WiCyS) is a non-profit organization dedicated to the recruitment, retention and advancement of women in the cybersecurity field.

SimSpace

SimSpace

SimSpace is the visionary yet practical platform for measuring how your security system responds under actual, sustained attack.

NetSPI

NetSPI

NetSPI is an information security penetration testing and vulnerability assessment management advisory firm.

Carson McDowell

Carson McDowell

Carson McDowell are one of Northern Ireland's leading law firms. We are the law firm of choice for many of Northern Ireland's Top 100 companies as well as international companies doing business here.

4Securitas

4Securitas

4Securitas is an innovative cyber security firm focused on protecting critical data at the core of every organisation.

Cyberguardians

Cyberguardians

Cyberguardians is a team of experienced cybersecurity experts and consultants who always believe in the value and a high level of cybersecurity services to clients.

Splashtop

Splashtop

Splashtop’s cloud-based, secure, and easily managed remote access solution is increasingly replacing legacy approaches such as virtual private networks.

RAND Corporation

RAND Corporation

The RAND Corporation is a non-profit institution that helps improve policy and decision making through research and analysis.

DeXpose

DeXpose

DeXpose is a hybrid dark/deep web monitoring and attack surface mapping platform to help you find compromised data or exposed assets related to your organization way before threat actors.

Reach Security

Reach Security

Reach is the first generative AI platform purpose-built to empower enterprise security teams. With Reach, organizations measure, manage, and improve their enterprise security posture at scale.

TELUS

TELUS

TELUS provide Canadian businesses with the services and solutions they need to securely thrive in a digital world. Partner with a cybersecurity leader you can rely on.