Check Point Blog

Hack In The Box: Malware Disguises Itself To Infiltrate Your Device

No user would intentionally allow malware onto a mobile device, so it’s obvious why malicious apps disguise themselves to trick users into inviting them in. In many cases, malware tries to persuade the user to go even further by asking for various permissions that can enable malicious actions.

Malware tries to do as much damage as possible. One of the strategies attackers use to do that is repackaging well-known popular apps. These usually keep their original functionality but add malicious components. The fake copy of the app will have an almost identical name to the original app and seemingly authentic icons, screenshots, and even user reviews.

These components vary in purpose. Financially motivated malware steals money through premium SMSs or calls, takes credit card info, or generates revenue by showing pop-up ads or installing fraudulent apps. Info-stealing malware can steal pictures, emails, and SMSs, and seize control of the device’s microphone and camera. This could have dire personal and business implications.

Some of these activities require malware to gain permissions not available to standard apps. The malware uses various tactics to convince users to allow higher privileges, including relying on the user’s lack of knowledge about permissions, giving fake explanations for why the app needs higher privileges, and even harassing a user into granting permissions by constantly popping up windows.
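One way a defender could check an app inventory for the repackaging pattern described above (an added example, not code from the original post): a repackaged copy cannot be signed with the original developer's key, so a look-alike name paired with a different signing certificate is the tell, and sensitive permissions the real app never requests add weight. The package names, fingerprints, permission baseline and the 0.85 similarity threshold are constructed assumptions.

```python
from difflib import SequenceMatcher

# Constructed reference data: a known-good app with the SHA-256 fingerprint of
# its developer's signing certificate and the permissions the real app requests.
KNOWN_GOOD = {
    "com.example.chat": {"label": "ExampleChat", "signer": "a1" * 32,
                         "permissions": {"INTERNET", "CAMERA", "RECORD_AUDIO"}},
}

# Short names of android.permission.* entries tied to the abuses listed above.
SENSITIVE = {"SEND_SMS", "CALL_PHONE", "READ_SMS", "RECORD_AUDIO", "CAMERA",
             "READ_CONTACTS", "BIND_DEVICE_ADMIN", "SYSTEM_ALERT_WINDOW"}

# Constructed inventory, e.g. as exported by an MDM agent (hypothetical format):
# the genuine app, a repackaged look-alike, and an unrelated app.
INSTALLED = [
    {"package": "com.example.chat", "label": "ExampleChat", "signer": "a1" * 32,
     "permissions": ["INTERNET", "CAMERA", "RECORD_AUDIO"]},
    {"package": "com.examp1e.chat", "label": "Example Chat", "signer": "ff" * 32,
     "permissions": ["INTERNET", "CAMERA", "SEND_SMS", "READ_CONTACTS"]},
    {"package": "org.sample.notes", "label": "Notes", "signer": "0b" * 32,
     "permissions": ["INTERNET"]},
]


def normalize(label):
    """Lower-case and drop non-alphanumerics so 'Example Chat' == 'examplechat'."""
    return "".join(ch for ch in label.lower() if ch.isalnum())


def assess(app, known=KNOWN_GOOD, threshold=0.85):
    """Return a list of findings for one installed-app record (a dict)."""
    findings = []
    for pkg, ref in known.items():
        sim = SequenceMatcher(None, normalize(app["label"]), normalize(ref["label"])).ratio()
        if app["package"] != pkg and sim < threshold:
            continue  # neither the same package nor a look-alike name
        if app["signer"] == ref["signer"]:
            return []  # signed by the original developer: genuine build
        findings.append(f"impersonates {pkg}: name similarity {sim:.2f}, signer mismatch")
        extra = (set(app["permissions"]) - ref["permissions"]) & SENSITIVE
        if extra:
            findings.append("extra sensitive permissions: " + ", ".join(sorted(extra)))
    return findings


if __name__ == "__main__":
    for app in INSTALLED:
        print(app["package"], assess(app) or "ok")
```

The check keys on the signer rather than the code, so it still fires when the malicious component is obfuscated or encrypted.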

There are several types of security solutions which claim to protect users from these threats. Mobile anti-virus can detect malware based on binary signatures of a whole app or its parts. However, malware writers have found ways to bypass these arcane detection methods by obfuscating and encrypting the malicious sections of their code, rendering AVs useless.

Moreover, signature-based protections are only able to defend against known malware. Today, new mobile malware constantly emerges to target users. Apple and Google lag behind in creating and implementing patches capable of stopping new malware. So users can be left exposed for months at a time.

There are, however, security solutions that apply advanced technologies capable of detecting and blocking unknown malware. These protections can monitor an app’s installation process and run it in a virtual sandbox to determine its true nature by analyzing its behavior. By doing so, these defenses can protect you against obfuscated or completely unknown samples of malware.

Advanced solutions take into account a wide array of variables to deliver the best results with few or no false positives. To avoid impacting device performance, the analysis should be done in the cloud to inspect a developer’s reputation, the app source, the number of app downloads and more. Once a risk judgment is reached, the app can then be added to a white or black list, providing users with quick and effective protection.

To learn more about the major threats facing mobile devices in the enterprise, read our CISO’s Guide to Mobile Security.