Far From The Tree? Malware-Laden Applications Fall Into The App Store
Mobile malware is on the rise. As noted by Securelist, 2015 saw an uptick in the number of malicious attachments users were unable to delete, strong growth in the volume of ransomware, and the use of phishing windows to conceal legitimate apps. Perhaps more worrisome, however, is the spread of iOS malware through the App Store itself — what was once Apple’s bastion of security is starting to crack.
Last September, The New York Times detailed the rise of apps with malware in Apple’s online store — around 40 apps, such as messaging application WeChat and business card scanner CamCard, were found to contain malicious code. Around the same time, security firm Palo Alto Networks posted a more in-depth guide about the XcodeGhost malware that was found in most of the compromised App Store offerings. Not only could the code prompt a fake dialog alert to phish for user credentials, it could also hijack specific URLs in addition to reading and writing password data on the user’s clipboard. In summary? Bad news all around.
The New Normal?
While Apple’s online store has enjoyed significantly less malware than its Google Play counterpart, research from companies like Kaspersky and Palo Alto suggests the balance is beginning to shift. The iOS maker’s security claim to fame has long been its strict before-distribution oversight policy, one that many heralded as foolproof but that has proven to be more of a nuisance to hackers than a roadblock.
As noted by AnandTech, meanwhile, more and more of Apple’s revenue is coming from the App Store. Despite a slump in hardware sales, users are willing to purchase multiple apps for their devices through the official store, making it an ideal target for hackers. Consider a recent Wall Street Journal piece that warned users against downloading add-on apps for the wildly popular mobile game “Pokemon Go.” While no malicious code has been detected in the App Store yet, mobile security expert Andrew Blaich of Lookout, Inc. notes that “things can change from day to day.” In other words, what seems safe now may not be tomorrow or next week, even if it carries Apple’s seal of approval.
How do users stay safe in a world where even “safe” stores may carry apps that transmit malicious code? Apple has doubled down on security measures and even ousted popular apps such as “System and Security Info,” which told users about unknown processes running on their iPhones. It makes sense: Any app that has access to this level of system info poses a serious problem in the wrong hands. Users can also improve their overall app security by paying close attention to the permissions requested by any app — does a camera app really need access to contacts, social media data and text messages? Some of the most insidious malware programs gain a foothold because users simply “accept” whatever requirements are presented.
Bottom line? Expect App Store malware to grow significantly over the next few years as malware makers look for ways to infect devices without notification, leverage smartphones as bots in larger attacks or completely lock down phones so users have no choice but to pay up.
Malware protection isn’t impossible; Apple is working hard to limit compromised apps, and user oversight goes a long way toward minimizing the potential damage. Ultimately, however, there’s a new normal here: In order to strengthen App Store app protection, all apps must be viewed with some suspicion — no matter their source.