Mobile apps are an integral part of any organization’s online presence, but they are also an easy target for cybercriminals. Attackers take advantage of organizations that have minimal visibility of their cyber assets by targeting their users and customers via suspicious or malicious mobile apps, which are actively published on third-party app stores. Not every mobile app of a legitimate brand published on a third-party app store is malicious or repackaged. Cybercriminals can also mislead users with click fraud on shady third-party app stores that are injected with ads or affiliated with various pay-per-click websites. They often target brands with a massive user base, with the end motive of collecting or stealing sensitive information.
There is a steady increase in the number of suspicious mobile app incidents. CTM360’s detection systems identify all such apps that are hosted outside of the official app stores like Google Play, iTunes, BlackBerry World etc. Over the past 12 months, 15,000+ incidents have been detected solely for suspicious mobile apps, with the banking and financial sectors topping the charts as the most targeted when compared to other sectors, which include healthcare, airlines, conglomerates etc.
Fig: Data showing the comparison of “Suspicious Mobile App incidents” for Banking and Finance v/s other sectors
Furthermore, 1000+ shady third-party apps were identified in stores that publish mobile apps of legitimate brands on a daily basis. A steady upward trend can be observed in mobile apps being published on such third-party stores, and we believe that this trend will continue in the coming years.
THREAT LANDSCAPE
CTM360 has categorized mobile app fraud into different levels based on their related threat indicators, severity and subsequent course of action needed. (See the chart below)
An organization’s mobile apps published on official app stores pose no threat except in cases where they are published under a different organization/developer name. CTM360 inventories genuine mobile apps for organizations under their mobile app cyber footprint.
Individuals looking to make ad revenue also illegitimately extract metadata from official app stores that publish information related to an organization’s app usage and statistics. Such statistics websites pose a lower risk to an organization because they do not host the actual app files for download; instead, they contain links redirecting back to the official stores. Many such websites have been identified, and we recommend monitoring them for potential fraud activity.
Cybercriminals also scrape official mobile app stores (mostly Android, Google Play), taking application files and metadata from app stores to host their own versions of mobile app sites. Such APK leecher websites pose a high threat to organizations, as the organization’s app users are susceptible to downloading apps from such stores. In some cases, cybercriminals embed advertisements/affiliations in such APK leecher sites, thus perpetrating click fraud.
Cybercriminals often auction these websites based on the amount of traffic received. The recommended course of action is taking down mobile apps from these APK leecher websites, which in some cases results in the entire APK leecher website domain being shut down.
One of the more creative techniques used by cybercriminals to target users is to repackage mobile apps, i.e. to alter/modify the APK files of genuine mobile apps via the insertion or deletion of files. Many malware distribution websites have been discovered and analyzed, and the analysis revealed that various APK files downloaded from such websites had been repackaged with malware, adware and spyware. The immediate takedown of malicious download links, as well as blacklisting such malware distribution websites, will discourage future activities, safeguard users, and protect the organization’s interests.
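Because repackaging works by inserting, deleting or altering files inside the APK, a copy found on a third-party site can be compared entry by entry against the organization's own release. The sketch below is an added example, not CTM360's tooling: the function names and the in-memory sample archives are constructed for illustration, and it assumes the organization holds a copy of its genuine build.

```python
import hashlib
import io
import zipfile


def apk_digests(apk_bytes):
    """Map every entry name in an APK (a ZIP archive) to its SHA-256 digest."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}


def diff_apk(reference, candidate):
    """Compare a candidate APK against the organization's genuine build."""
    ref, cand = apk_digests(reference), apk_digests(candidate)
    report = {
        "inserted": sorted(set(cand) - set(ref)),
        "deleted": sorted(set(ref) - set(cand)),
        "modified": sorted(n for n in ref.keys() & cand.keys() if ref[n] != cand[n]),
    }
    report["repackaged"] = any(report[k] for k in ("inserted", "deleted", "modified"))
    return report


def build_sample(entries):
    """Constructed stand-in for an APK: a ZIP built in memory from name -> bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample data, not real app contents.
GENUINE = build_sample({
    "AndroidManifest.xml": b"<manifest package='com.example.bank'/>",
    "classes.dex": b"genuine-dex",
    "res/raw/terms.txt": b"terms",
    "META-INF/CERT.SF": b"signature-by-brand-owner",
})
REPACKAGED = build_sample({
    "AndroidManifest.xml": b"<manifest package='com.example.bank'/>",
    "classes.dex": b"genuine-dex",
    "assets/extra.bin": b"unknown-added-file",
    "META-INF/CERT.SF": b"signature-by-someone-else",
})

if __name__ == "__main__":
    for label, apk in (("mirror copy", GENUINE), ("altered copy", REPACKAGED)):
        print(label, diff_apk(GENUINE, apk))
```

A clean report only means the archive entries match the reference build; a copy served unmodified from an APK leecher site still falls under the takedown guidance above.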
CONCLUSION
Fraud targeting the mobile app industry is on the rise, and cybercriminals are discovering newer techniques to lure users and perpetrate this fraud. Organizations are also indirectly affected when users end up on these third-party sites and click on pop-ups/ads or install a malicious version of their mobile apps, which affects the organization's brand reputation.
Aggressively taking such apps down can deter cybercriminals from repackaging apps and posting them on suspicious third-party sites, which in turn will reduce fraud in the mobile app industry. Organizations also need to create awareness among their end-users not to download from third-party app stores and to treat genuine app stores as their only option. When downloading new apps from any store, users must be cautious, making sure to verify the publisher and paying close attention to the permissions each app requests.