March 27, 2019
Mobile App Security: Fake ‘WhatsApp’ Fools Millions and Puts Businesses at Risk
Posted November 9, 2017
Mobile app security is a hot topic this week after a fake version of WhatsApp fooled more than 1 million users who downloaded it from Google Play.
Innocuously named “Update WhatsApp Messenger,” the fraudulent app was featured in the ever-popular Android application marketplace before being spotted by a user who reported the findings on Reddit.
The app is loaded with spamware and is designed to hide itself from detection on users’ phones. A brilliant knockoff, the app was so convincing, it was downloaded somewhere between 1 and 5 million times, and even generated 6,000 four-star reviews.
Still, social media has lit up with folks pointing out just how common this problem can be on Google Play and other app stores.
In the past week, reports of dozens of fake “Animoji” apps on Google Play have surfaced, despite the fact that “Animoji” is native to the iPhone X made by Apple. In September, news broke that a new strain of malware called “ExpensiveWall” was discovered in about 50 apps that had been downloaded between 1 million and 4.2 million times before being removed from Google Play. Others contained code from the BankBot malware family, which can give fraudsters access to all of a users’ apps.
Meanwhile, in the run-up to the holiday season, experts are warning about another possible wave of fake shopping apps flooding Google Play, the Apple App Store and others, just as they did last year.
While the bogus WhatsApp seems to have been designed to make money for its developer through advertising, it and other fake apps can mean big trouble for users.
The Spy Who Robbed Me
Rogue apps are a perennial issue on the web, often spread through unsuspecting users who share what may appear to be a legitimate game or messaging app with friends.
As more consumers transition to mobile to shop, connect with friends on messaging and social platforms, play games, and access online banking, criminals will increasingly exploit the vulnerabilities in mobile applications, which present a unique set of risks.
For those that can sneak past screening, official application marketplaces make for especially powerful platforms to propagate malicious apps because of consumers’ presumption of security.
Once downloaded by hoodwinked users, these malicious apps can deploy malware to spy on users, track their activities and behavior, and steal logins for legitimate retail and banking applications. The result can be fraudulent purchases and direct theft of user identities and assets.
It can also put other apps on the victim’s phone at risk, presenting security threats to the businesses behind them.
Security Beyond the Screening
Today, applications submitted to app stores typically undergo rigorous security testing, though obviously the process is not foolproof. Fake apps can employ a number of tactics to bypass screening, such as execute their malicious code on time delay so sketchy behaviors don’t show up until after an app has been accepted.
However, they get to users’ phones, businesses must always be on the lookout for compromised apps that can endanger their own systems. That includes their own apps if other apps infect them on a users’ device. The key is to go beyond security protocols that analyze a specific app or transactions emanating from them, and take a more holistic view.
ThreatMetrix Mobile, for instance, is a lightweight software development kit (SDK) that can be integrated within mobile applications to deliver strong device identification, as well as detect any breaches to the host application while evaluating the overall security posture of the device.
Events demonstrating high-risk signals or anomalies can be flagged for review while legitimate users on trusted devices are recognized in real time, so transactions can be accelerated without additional authentication.
Among other things, ThreatMetrix Mobile delivers several key capabilities for protecting against fake apps, including:
- Malware Detection and Application Reputation: While many organizations actively improve security controls in web channels, fraudsters’ increasing focus on mobile channels has introduced a slew of threats that organizations are not always equipped to combat. ThreatMetrix Malware detection and Application Reputation evaluates all installed applications on Android devices and verifies them against an industry-leading signature database of more than 15 million mobile apps. Known, trusted applications are validated while applications containing malware or having suspicious reputations are flagged in real time.
- Application Integrity Assurance: Fraudsters routinely de-compile legitimate applications, inject them with malware using a toolkit or customized code, and then republish them to app stores to exfiltrate money, goods, credentials or identities. ThreatMetrix Application Integrity Assurance validates that the customer application hosting the ThreatMetrix SDK has not been tampered with or modified. Application integrity is validated every time the ThreatMetrix SDK is invoked to provide ongoing assurance.
Security for a Mobile-First World
ThreatMetrix Mobile is underpinned by the ThreatMetrix Digital Identity Network to leverage shared, real-time threat intelligence from millions of daily consumer interactions around the globe to detect fraud at lightning-fast speeds.
According to organizations that have deployed ThreatMetrix Mobile, the solution helps them instantly recognize good customers and bad actors with 95-percent accuracy, accelerating and enhancing the experience for legitimate transactions, while stopping fraudsters and their malicious apps in their tracks.
Message that to the bad guys – but don’t use the fake WhatsApp to do it.
To learn more about ThreatMetrix Mobile SDK and its abilities to protect native mobile applications, download an exclusive solution brief here.