Beware Of Rogue Apps, Warns Safety Campaign

0 0 1 Comment

Malware infested apps can send hundreds of premium texts, warns Get Safe Online

Smartphone users could be thousands of pounds in the red before they know it thanks to malware and rogue apps, a government backed Internet safety initiative has warned.

Fraudsters are currently loading rogue, malware infested apps onto legitimate app stores as well as unofficial online stores, according to Get Safe Online, an internet initiative backed by government, police and industry. Downloaded by users as ‘free levels’ to popular online games, or as security tools, compromised apps give criminals free rein over the victim’s phone.

Criminals can then make calls, send and intercept SMS and voicemail messages, and browse and download online content, said the organisation in a statement. They can also gain access to all personal and payment data available on the phone, which may then be used to ‘spam’ other mobile web users to commit further fraud, or sold onto and used by identity fraudsters.

One scam every minute

“The latest scam,” warns Rik Ferguson, director of Get Safe Online and also director of security research at Trend Micro, “Allows fraudsters to send a steady stream of text messages, up to one text message every minute, from an infested phone to their own premium-rate services, at a cost of up to £6 per message.”

Often the victim can remain unaware for weeks; until they see their bill, or their network provider identifies suspicious activity. This is because, unlike previous premium-rate call scams, these do not ‘tie up’ a victim’s phone line, with activity taking place within the device’s back end infrastructure.

The number of users transmitting personal and financial information on their smartphones has grown to more than 17 percent, while 22 percent of users download new apps at least once a month, according to the latest research from Get Safe Online.

This trend, along with the boom in smartphone use; 59 percent of current users acquired their device in the last 12 months, and the increase in mobile network contracts offering web access as standard, is creating new ways for criminals to extort money.

Serious criminal intent

“Smart phones are now at as much risk from fraud as their computer and laptop counterparts, and represent big business for online criminals. These devices are essentially mini laptops with a wealth of personal information. Eighteen months ago, our primary concern was users not having secured the handset properly, giving fraudsters easy access to our data if it fell into the wrong hands; the majority of malware was relatively ‘trivial’. That has shifted and today there are clear signs of serious criminal intent to defraud users; we are seeing smart phones targeted by sophisticated and lucrative malware scams with increasing frequency and severity,” said Get Safe Online managing director, Tony Neate,

“With users now installing and removing apps with increasing frequency, the chance of encountering a rogue app is much higher. Smart phone security, such as anti-virus or anti-malware software, is available but not widely deployed. Soon it will need to be common place”, added Ferguson.

Until then, Get Safe Online working closely with premium rate phone regulator, PhonepayPlus, to address the risks posed by rogue apps, reccomends being vigilant when downloading new apps and monitoring your phone for any unusual activity, including sudden increases in battery drain, a possible sign of surreptitious activity on your phone. The organisation also urges users to check reviews and ratings as well as developer information before downloading a new app. A good way of keeping an eye out for suspicious activity is by checking your phone bill more than just once a month, according to Get Safe Online.

  1. Comment by email from Jason Hart, managing director of CRYPTOCard:

    “People are increasingly more vigilant when accessing the internet via a laptop or PC, but most don’t apply the same processes when browsing the internet on their smartphone. Mobile phones have become almost too useful and we store all our information on them from Facebook log in details through to our bank details. And as they become increasingly deployed in the corporate environment, so people are also storing their company email, passwords and other sensitive documents on them.”

    “At the moment that information isn’t protected in any way. In the mobile economy companies and people alike need to ensure they are better protecting their smartphone data. In many ways it is like starting security education all over again as people don’t think that one small device can have such big security consequences. Businesses and individuals alike need to get robust security measures in place that protect against malware and opportunistic hackers.”