Most of the Top iOS and Android Apps Have Been Cloned to Spread Malware in 2014

By Ionut Ilascu    18 Nov 2014, 22:07 GMT

Report shows an increase in hacked iOS apps

Cybercriminals know the value of a popular mobile app, and this year they cloned 97% of the top paid software for Android and 87% of that for iOS, a report finds.
Although the numbers are high, in the case of Android there is actually an improvement when compared to last year, and the year before, as all of the top paid apps analyzed by researchers had been repackaged into malicious ones.

For iOS, the report is even direr because in 2014 a 31% increase has been recorded, indicating growing cybercriminal interest in the users of Apple’s operating system.

The research, carried out by Arxan Technology, took into account the most downloaded 100 paid applications for the two platforms and looked for their rogue counterparts on third-party app stores, as well as on different distribution websites and torrent trackers.
Android apps enjoyed most of the cybercriminal attention
Free software has also been included in the report, which focused on the 20 most popular pieces. The results show Android in the lead, with an 80% cloning rate, and iOS trailing closely, with a 75% rate.

The researchers aggregated results across multiple dimensions, including by vertical: financial services, health care, and retail/merchant.

The top 40 in each category were studied and the results showed that the most cloned ones were those for Android (95% – financial, 90% – healthcare and 90% – retail business). In the case of iOS, the smallest percentage is for merchant apps, 35%, while the financial-related software recorded a 70% rate, up from 36% last year.

As far as healthcare-related software for Apple’s devices is concerned, the report from Arxan informs that none have been hacked this year.

These three types of apps are expected to be targeted by cybercriminals because each of them are involved in exchanging sensitive information, either personal or financial.

The main information in the report has been neatly presented by the company in an infographic.
Both users and companies need to be security-aware
Securing the data does not fall solely on the shoulders of software developers, as users also have to take precautions. Maintaining the original defenses intended by the manufacturer intact is one way to ensure increased protection of the data on iOS.

However, even if the device is jailbroken, the most basic measure to prevent compromise is not to install software from untrusted sources. This recommendation also applies to Android devices.

Companies also have to take some steps towards protecting their products from being tampered with. “It’s evident from our research and various reports from leading industry experts that mobile applications are vulnerable to reverse-engineering, repackaging, republishing and susceptible to becoming malicious weapons,” researchers conclude.

Tags: , , , , , , , , , , , , , , , , ,

Comments are closed.

%d bloggers like this: