In September this year it was discovered that as many as 500,000 people had downloaded the CallJam malware trojan from the Google Play Store. Shockingly, the malware, which poses as a simple guide to earning Gem Chests in the Clash Royale game, had been available on Google’s official Play Store since May and maintained a high reputation throughout, with a four-star average review rating and thousands of five-star reviews. The malware achieved this by asking its users to rate it five stars with the promise of unlocking additional content.
Once installed, the malware redirected victims to malicious websites that display fraudulent advertisements. More worryingly, any users who approved the app’s permission requests were subject to CallJam making expensive calls to premium-rate phone numbers, often at odd hours so that the user would not notice them, all at the user’s expense.
CallJam is just the latest in a long line of malware targeting mobile devices. Trend Micro’s 2016 report found 3,000 active Trojan malware apps on well-known Android mobile markets, including more than 400 detected on Google’s own official Play Store. By far the worst offenders are fake apps posing as official apps from big brands across the banking, retail, media and entertainment, and travel categories.
Security research firm RiskIQ, which accessed 80 different app stores for its 2016 report, including both the Google Play Store and Apple App Store, found that over 100,000 apps, or 43 percent of all brand-associated apps, were fake and unassociated with the brand they claimed. Many of these apps asked for credit card or other personal information.
And from the looks of it, it’s only going to get worse. As digital and mobile wallets like Apple Pay, Android Pay and Samsung Pay take off, we’re likely to see a parallel growth in attacks targeting mobile platforms. When your phone has access to all of your credit card and banking information, cybercriminals no longer need to serve you adverts to make money; they can attack your bank account directly.
1. Always read the user reviews
Read what other users are saying to see if there are any red flags that could hint at malware.
2. Check what the app is requesting permission for
If a game is requesting access to your phone calls, contact information or messages, it could be malware.
3. Don't install apps from a third-party app store
Only install apps from the official app stores. While these stores aren’t risk-free, they have stricter checks on what is approved.
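
The permission check in tip 2 can also be done on an app package before it is installed. The following is an added example, not part of the original article: it lists the call, contact and message permissions an app declares, assuming its AndroidManifest.xml has already been decoded to plain XML. The sample manifest, package name and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute namespace used by AndroidManifest.xml (android:name etc.).
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions covering the three areas the tip names: calls, contacts, messages.
SENSITIVE = {
    "android.permission.CALL_PHONE": "place phone calls without the dialer",
    "android.permission.READ_CALL_LOG": "read call history",
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.WRITE_CONTACTS": "modify contacts",
    "android.permission.READ_SMS": "read text messages",
    "android.permission.SEND_SMS": "send text messages",
    "android.permission.RECEIVE_SMS": "receive incoming text messages",
}

# Constructed sample manifest for a hypothetical game-guide app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.gemguide">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission-sdk-23 android:name="android.permission.SEND_SMS"/>
  <application android:label="Gem Guide"/>
</manifest>"""


def declared_permissions(manifest_xml):
    """Return every permission name the manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    # Both element names request permissions; the second applies on API 23+.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names


def red_flags(manifest_xml):
    """Map each declared call/contact/message permission to what it allows."""
    perms = declared_permissions(manifest_xml)
    return {p: SENSITIVE[p] for p in sorted(perms) if p in SENSITIVE}


if __name__ == "__main__":
    for perm, allows in red_flags(SAMPLE_MANIFEST).items():
        print(f"RED FLAG {perm}: can {allows}")
```

A game guide has no obvious need for any of the flagged permissions, so a non-empty result is a reason to look closer before installing.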