Malicious Apps in Global App Stores Increase, Leading to Emergence of WireX Mobile Botnet, RiskIQ’s Q3 Mobile Threat Landscape Report Finds


London – Dec. 12, 2017 – Malicious mobile apps are back on the rise, impersonating brands and fooling consumers, according to digital threat management leader RiskIQ, in its Q3 mobile threat landscape report, which analysed 120 mobile app stores and more than 2 billion daily scanned resources. In listing and analysing the app stores hosting the most malicious mobile apps and the most prolific developers of malicious apps, the report documents an increase in blacklisted apps over Q2, as well as the continued issues of imitation and trojan apps in official app stores and the emergence of the massive WireX mobile botnet.

Feral apps and Google Play are main sources of blacklisted apps
Q3’s analysis confirmed that feral apps-apps available for download outside of a store on the web-and the Google Play store were the most abundant sources of malicious apps each quarter. Plus, the top developer of blacklisted apps in Q3, Nyi Subang Larang, worked exclusively in the Play store. However, Google’s percentage of malicious apps was overall decreased and fell to a low of 4 percent in Q3 after reaching a high of 8 percent in Q2.

RiskIQ logo
Other leading blacklisted app sources

In third place, secondary store AndroidAPKDescargar had comparable numbers to Google and feral apps. In Q3, it more than doubled its number of malicious apps to 20,907, making up about one-third of its total app count and outpacing all other stores by more than 10,000.

Rounding out the top four, ApkFiles rocketed to a huge number (25,545) in Q1 and then dropped off in Q2 before recovering slightly in Q3. Meanwhile, 97 percent of 9game.com’s 6,052 apps (most of which purport to be games) were flagged as malicious.

Based on this data, RiskIQ concluded that some stores are being created and pumped up with huge numbers of malicious apps in short order. The firm’s researchers speculate that this could be in concert with a particular campaign or to make detection of known bad stores more difficult.

Playing the imitation game
One way malicious apps spread is through imitating others that are well known and popular. The report found that antivirus, dating, messaging, and social networking apps are favourite targets for this game. The Google Play store, in particular, is fertile ground for these attacks. Querying RiskIQ data for apps in the Play store since the start of Q3-containing the word “WhatsApp” and excluding any from the official WhatsApp developer-returned 497 entries. The same query for Instagram returned 566 entries. Avast anti-virus was copied by a developer, DevTech Inc., which has four other apps in the store since September-including a clone of Waze.

WireX mobile botnet emerges
Coinciding with the increase in dangerous/imitation apps, Q3 also saw the emergence of a massive mobile botnet attack, known as WireX. In August, RiskIQ, Akamai, Cloudflare, Flashpoint, Google, Oracle Dyn, Team Cymru, and others collaborated to take down the new threat, affecting the devices of at least 70,000 Android users globally. After a short development stage, on Aug. 17, the botnet struck several content delivery networks (CDNs)-with between 130,000 and 160,000 unique IPs observed from 100+ countries.

Around 300 apps tied to WireX were identified in total, a subset of which was found in official app stores, such as the Play store. Google moved to block these apps and to remove them from all Android devices. These apps masquerade as media and video players, ringtones, and storage managers. Once installed, they activate hidden functionality to communicate with command and control servers and launch attacks, whether the app is in use or not.

In this instance, extraordinary collaboration among security professionals was able to hamstring WireX before it could launch more devastating attacks. However, the botnet is not dead, and researchers are still encountering examples of its malicious apps in the wild. It may not be long before the rise of a new mobile botnet built through the spread of malicious Android apps.

“Securing the mobile app ecosystem continues to be a challenge for app stores of all sizes, but efforts to improve version control, monitor for abuse, employ verification techniques, and offer security education can help,” said Mike Wyatt, director of Product Operations at RiskIQ. “Tracking the use of brand names and likeness is an equally daunting challenge for corporations. Brands should evaluate and implement solutions that constantly monitor their digital footprint online and in mobile app stores.”

For specific metrics or to learn more, download the RiskIQ Mobile Threat Landscape Q3 2017 Report.


About RiskIQ
RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organisation’s digital presence. With more than 70 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social, and mobile exposures. Trusted by thousands of security analysts, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk, and take action to protect business, brand, and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners, and MassMutual Ventures.

Visit https://www.riskiq.com or follow us on Twitter.

###

© 2017 RiskIQ, Inc. All rights reserved. RiskIQ is a registered trademark of RiskIQ, Inc. in the United States and other countries. All other trademarks contained herein are property of their respective owners.

PR Contact
Haydn Stokes
Atomic PR
Haydn@atomicpr.com
+44(0)203 861 3845

Have any Question or Comment?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

::::::::::::::::::::::::::::::::::6733:::::::::::::::::::::::::::::::::;;

:::::::::::::::::::::::::::::925:::::::::::::::::::::::::::::::

TRIO STEEL IS ONE OF THE MOST TRUSTED BRAND AND LEADING EXPORTER AND SUPPLIER OF CARBON STEEL, ALLOY STEEL & STAINLESS STEEL PIPES & PIPE FITTINGS MATERIAL. Triosteel is one of the leading Suppliers and Exporters of API 5L Pipe in Singapore. Triosteel also Exports to many countries like Indonesia, Iran, Saudi Arabia & many more. An API 5L pipe is manufactured by adhering to the specifications laid down by the International Organization for Standardization (ISO) 3183.

2780

buy! buy! CHEAP! Telefonie VoIP CHEAP! buy! buy! CHEAP!

2781

buy! buy! CHEAP! Telefonie VoIP CHEAP! buy! buy! CHEAP!

——————————————–

For the 2012 MLB period, we found an totals forecast Joao’s Renowned Over/Under João Zorro Gonçalves, Zcode Totals Pro, System of the time with progressions that have been successful over 98 98% ... We eventually perfected our over/under program ( Zcodesystemexclusive ), although it h-AS has brought years of investigation. Five Steps to Making a Winning MLB Method: 1. Execute appropriate cash management tools. 2. MLB rules that are comprehend. 3.Extensive testing back to make sure successful longterm results ...

——————————————–

There is always a challenge when you're dealing with the Foreign Exchange Market. That's just the nature of the beast. The best thing you can do is to learn about how the market operates as a whole so that you will be ready to meet these challenges. iq option penipu Never be misled by any profit gains in binary options. This is the number-one way traders end up losing their money and ultimately failing. Remember that the same things that make you laugh can make you cry in this market, and you can lose that $700.

——————————————–

Learning Polish has never been this fun and easy as with our podcasts Learn Polish with Polishpod101 Start today and become conversational in Polish in no time

——————————————–

The Best Website Agen Poker Resmi www.sakupoker.com Terpercaya come join

——————————————–

Do you need edmonton phone systems service ? Call complete communications today!

——————————————–

High-tech solutions for easy start-up of your IPTV/OTT-business

——————————————–

——————————————–

If you want to purchase not only one item, you have a chance to enjoy privileges. There is a sale’ tab on the site which offers a fantastic range of reduced counterfeit watches and accessories, such as sunglasses, cufflinks, watch straps and pens. Luxury Jewelry Replica At MCA.MN On Sale You get a 5% discount if you buy two pieces, this discount increases to 10% if you buy 4 pieces or more. There is free international shipping on all orders on this site. We also offer customers a free return anytime with a 100% money back guarantee.

——————————————–