Is Your Mobile Device Misbehaving? How to Catch Common Malware Misbehaviors

Nothing in life is free, and that’s especially true when it comes to mobile apps.

Thousands of free apps are flooding the marketplace—most are legitimate and available at no initial cost. But they often come at the price of offering up data from your smartphone or tablet that you might not be aware of or comfortable with sharing. It can be unsettling to know that for use of a free app, you could be exchanging potentially sensitive information through location tracking, targeted advertisements and other privacy invasions. And it’s not just the innocuous apps that are swiping your data, a heap of malware-laden apps are also flooding the marketplace looking for your vital information.

Even more disturbing, for Android users specifically, these apps are devised to both use and abuse your device for illicit financial gain. These apps act less as genuine services and more as vehicles for malware—programs that will steal and transmit sensitive data (spyware), or turn your device into a collection of Internet-connected programs communicating with other programs in order to perform malicious tasks (botnet). Some skim your address book and send messages pretending to be you (worm), while others sneak into your system, pretending to be harmless while performing a number of unpleasant actions in the background (trojan).

Many of these malware-laden apps contain several of the above snares and will eventually enslave your device in a network that only powers more malware and data theft.

It’s a security situation worth being concerned over. In our recent report, “Mobile Security: McAfee Consumer Trends Report – June 2013,” one in six downloaded applications on Android contain suspicious URLs and malware. Many of these exploits operate by “rooting” your Android device (or jailbreaking if you’re on an iPhone running iOS). Rooting allows users to hack their mobile device, be it a tablet or smartphone, and gain “privileged” access to the Android operating system in order to alter or replace a number of settings, system apps, admin permissions and more. However, those permissions are there for a reason: to protect consumers from risky applications.

These hacked apps and suspicious programs are most prevalent in third-party app stores, often mixed in with legitimate apps. And they’re difficult to spot, unless you really know what to be on the lookout for. More often than not, try to stay clear of using third-party stores that may put your information at risk and stick to primary channels.

But should you venture into the lesser-known sites and stores for your apps, there are steps you can take to protect yourself from suspect apps and potential malware.

A few signs you can use to detect malware:

  • Watch for System Updates from Suspect Sources: One of the more troubling trends in malware has been malicious apps posing as legitimate security updates. One type of malware, called NotCompatible, poses as a system update for Android, ironically enough to protect users from malware. It doesn’t. Instead, the malware will install a botnet program, which will later take commands from the hacker and take over your phone and seemingly secure data.
  • Double Check App Permissions: There’s always detail in the permissions. Always check the app’s permissions before downloading a new app. One of the more telling signs of a malware-infected app is if it asks for near complete access to the data on your device. Be on the safe side and avoid apps that ask for such sweeping privileges. A game app most likely does not require your location information.
  • Check Your Text Messages (and Your Phone Bill): One popular form of malware scams users not by stealing their banking info, but by sending premium-rate text messages thereby increasing your mobile phone bill. This can happen in a variety of manners, ranging from silently sending the messages to getting a user to unknowingly send a message, leading to oftentimes astronomically high phone bills.
  • Think Twice Before You Opt Out: Free apps often are loaded with software promoting various mobile ads. The ads alone aren’t the problem—developers need to make money and what better way than by selling ads? But the worrisome part comes when an app asks a user to do something seemingly benign in order to remove ads.
    • For instance: FakeRun will ask users to press a button in order to remove ads, a seemingly innocent request. However, the button doesn’t actually remove the ads, but instead gives the app a five-star rating on the Google Play Store. That five-star rating makes the suspect developer appear more trusted in the eyes of the Google apps store, giving the hacker increased credibility and the opportunity to publish more malware-laden apps.

It’s a frighteningly skilled form of a social engineering attack—one where the attacker emulates something familiar to exploit users—but this kind of attack can be avoided. Users should only download system updates from trusted sites like the Google Play Store. While not every third-party site is out to attack you, avoiding them is the only guarantee that what you’re downloading is genuine.

As we’ve previously noted, there are many risks associated with malicious mobile apps, both to you and other mobile device users that can be infected through a malicious download on your own phone. To help you stay protected from malicious apps, use comprehensive mobile security, like McAfee® Mobile Security, that will not only scan your device for viruses and threat, but also help you identify apps that are accessing too much of your valuable personal information. To protect all the devices, you own, use McAfee LiveSafe™ service, which not only protects your mobile devices, but all your PCs and Macs as well.

Follow us on Twitter at @McAfeeConsumer and on Facebook to keep up to date on the latest mobile malware news!

Leave a Reply