According to Proofpoint, an Intel Security Partner focusing on preventing advanced threats, “When it comes to malicious apps, apparently nothing is sacred. The surprising prevalence of riskware in religious texts’ apps provides further evidence that mobile users - and their employers - need to be far more security-conscious.”
Kevin Epstein, vice president of Threat Operations at Proofpoint says “The findings are also a valuable reminder of the importance of a mobile app security strategy for organisations. To protect employees and users from unscrupulous scammers and cybercriminals– and against riskware and malicious apps in general – organisations should define policies and deploy solutions that enable them to identify and control these apps before they can impact the organisation’s security posture.”
The key findings included:
- Bible applications had the highest rate of malicious code than any other category in this research with 3.7 percent or 26 out of 5,600 applications. Proofpoint defines malicious code as code that attempts to exploit the mobile OS in order to access data and services for which they do not have permission.
- Proofpoint analysis found that one of the most popular Bible apps sends data to sixteen servers in three different countries. It reads the user’s SMS messages, address book, and device and phone information, tries to exploit cross-app interaction if the device is rooted, and can even make phone calls on your behalf.
- Similar analysis was conducted on Quran applications (the religious text of Islam) and researchers found one of the ten most-downloaded apps is clearly riskware. It installs itself as a boot-time app and communicates to thirty-one different servers, reads SMS messages, sends messages from the user and can look up the user’s GPS location.
- Something as seemingly utilitarian as a flashlight application can even host malicious code and communicate user data to app owners. Of the 5,600 applications examined, more than 678 servers across 28 countries are actively receiving data on from these apps.
- Of the 23,000 free gambling applications examined, nearly 14 percent exhibited risky behaviour including conducting an alarming amount of external server communication.
- The existence – and surprising prevalence – of riskware in seemingly legitimate apps is a valuable reminder that organisations need a mobile app security strategy. Organisations should define policies and deploy solutions that enable them to identify and control these apps before they can impact security posture.