Eye on Security: Rogue Mobile Apps

What are they and are you at risk?

Here at Buzz Cybersecurity, we never stop looking out for our clients and readers when it comes to the evolving world of data breaches, viruses, and other threats to your security. So this time, we wanted to take a closer look at a type of malware that isn’t necessarily new, but that many people are still unaware of: the rogue mobile app.

Phishing is still #1 when it comes to global fraud, but rogue mobile apps have become more prevalent in scams over the past few years and sit in the #2 spot. With more apps coming out every year, pewresearch.org reports that 6 in 10 Americans prefer getting their news via their mobile devices, such as smartphones or tablets, versus the traditional desktop or laptop. Thieves understand this, and are more than willing to capitalize on the opportunity to get you to download something while being distracted: on the subway ride home, checking your phone while your date is in the bathroom, or simply after a long day at work.

Simply put, rogue mobile apps are created for the sole purpose of gathering sensitive information stored on your phone. Think phone numbers, passwords, user names, credit card info, and bank account information. These apps will typically carry some type of malware, usually in the form of a worm, spyware, or a virus (Trojan horse or otherwise). According to the RSA’s 2019 Whitepaper on the Current State of Cybercrime, the percentage of fraudulent activity originating from mobile platforms is 70%. On average, 82 rogue mobile apps are identified each day, and the whitepaper estimates that fraud from mobile apps has increased a staggering 680% since 2015.

It used to be that these apps were fairly easy to identify. They were mostly accessed via unofficial app stores or through email links. Most people got smart fairly quickly and understood that the best way to avoid scams was to stick to accessing apps through credible sources like the Apple App Store or Google Play Store. But in recent years, links to fake Google Play stores have cropped up as well, and legitimate social media platforms like Facebook, Instagram, and WhatsApp are being used to sell stolen identities and credit card information.

But it’s not all doom and gloom. The fact that there are entire committees devoted to staying one step ahead of cybercrime is encouraging. And there are still things that you, as a consumer, can do to keep yourself safe. Let’s take a look at some of those!

  • Only use trusted sites. This one may seem obvious, but remember, cybercriminals are counting on you to have a momentary lapse in judgment and click on a link that you normally wouldn’t. If you come across a link in an email or on a website asking you to download an app, go to the Apple App Store or Google Play Store to download it directly. If you can’t find it there, then chances are it’s a rogue mobile app and you’re being targeted for a scam.
  • Read reviews. Do some homework on the app before installing it. See what others have had to say and how they rated it first. And make sure the rating makes sense. Fake or illegally modified app reviews are sadly on the rise, as well. Last year, 9to5mac.com published an article detailing accounts of how negative reviews (calling an app virtually unusable, for example) were showing up with 5 stars! Both iOS and Google have acknowledged having to identify and delete fake reviews, so they’re not unaware, but don’t rely solely on their admins to weed out bad apps.
  • Look at who developed the app. Larger institutions like banks will have departments that put out the app themselves. If the developer isn’t the bank, it’s very likely to be fake. For smaller entities, check the app developer’s history. If they have created several apps that generally have good reviews, then it’s more likely to be legitimate.
  • Be aware of what permissions you’re being asked to give. This is a hard one sometimes because in recent years the list of permissions keeps growing. The question you must ask yourself is: do I need this app enough to want to disclose the information it’s asking for? If the answer is no, then don’t risk it.
  • Trust your gut. This nugget of wisdom never gets obsolete. If you get that cringy, unsettling feeling that won’t go away, listen to it. Go back and review the steps above. Too often we don’t want to seem like dinosaurs, left behind in the barrage of technology, while everyone around us seems to be evolving. It may take some extra effort, but if you’re still not sure, when possible, call your bank or other institution to verify that the app is not a rogue. And in the end, follow what you have peace about.

Cyber thieves are not expected to go away any time soon, but getting in the habit of practicing good cybersecurity has a cumulative effect. You’ll get better at it the more you do it, and you’ll become adept at spotting scams from the get-go. Just be aware that there is always a level of risk associated with conducting any transaction online, and use common sense. Many smartphones can be outfitted with antivirus and antimalware apps, so check with your provider to see what options are available to you.
