Flattr this
malware

Religious apps used to spread malware



Cybercriminals are creating free mobile apps as a means to spread invasive malware. Doing so gives them access to data from the most frequently used piece of hardware - the smartphone.

With billions of adherents, apps focused on the interests of the religiously inclined have a large, ready-made captive audience to profit from. For those in legitimate business they are a means of connecting advertisers with potential customers. Meanwhile, those with less honest intentions will see such apps as a means to pounce on naive smartphone users.

Security researchers working for Proofpoint claim to have found a large number of Bible and Quran apps that have been infected with malicious code.

Proofpoint found that the Bible is the most popular of the holy book apps, followed by the Quran. They counted in excess of over 5,600 unique Bible apps (4,154 Android; 1500 iOS) and 4,450 for the Quran (3,804 Android; 646 iOS).
 

A single Bible app has over 50 million registered downloads, three registered over five million downloads, and seventeen Bible apps have been each downloaded over one million times. For the Quran the two most popular apps have over 10 million registered downloads; seven have over 5 million downloads; 13 additional apps have a minimum of one million downloads.

208 Android-platform Biblical apps are known to be infected with malicious code, 140 classified as 'high risk' by Proofpoint. A significant number of Bible apps were found to be without privacy policies, this is usually a warning sign that all is not well and increases the potential risk of user exposure. It was found that one of the most popular Biblical apps sends user data to sixteen servers in three different countries; reads user SMS messages; has access to the address book, device and phone information; and has the ability to make calls on the user's behalf.

Sixteen of the Android-platform Quranic apps were found to contain malicious code, an additional thirty-eight were classified as 'high risk'. One of the most commonly downloaded Quranic apps installs as a boot-time app; communicates with over thirty servers; reads SMS messages; can send SMS messages on the user's behalf; can independently look up user's GPS location.

From the results of the study one can deduce that Apple's closed garden iOS platform works in the best interests of the user. None of the iOS apps tested were found to be infected with malware. Apple's strict app developer policies appear to have done the trick by protecting the user and keeping user data out of the clutches of cybercrooks.

As with all things it's important not to judge the book (or app) by its cover, holy or otherwise. The same precautions need to be taken with all smartphone software. Readers are advised to be particularly wary of apps that:


  • Have no privacy policy
  • Request super user permissions
  • Root or jailbreak the device
  • Upload user information without asking for permission or notifying the user
  • Read SMS/Emails and send them to a third party

About Afritechnet

0 comments:

Post a Comment

Powered by Blogger.