Smartphone spyware warning: why apps are becoming the next frontier in foreign espionage
Think twice before you download that selfie app — security experts warn foreign actors are using apps to spy on users. See the list of apps to be wary of.
Smartphones are fast becoming a leading frontier for espionage as more data-harvesting apps backed by nation states flood app stores, while sophisticated spyware is being disguised as legitimate third-party downloads.
Cybersecurity experts warn as many as 10,000 malicious apps are being identified daily and users are not concerned enough about real risks to their personal information, from text messages and passwords to the microphones and cameras in their phones.
The warnings follow concerns about a popular photo-editing app with Russian ties, and as Google researchers revealed a spyware company stole data from Android smartphones and shared it with a long list of foreign governments.
Lookout senior director Don Tan said malicious threats contained within apps were “more common than most people would think,” with risky apps regularly identified in routine scans.
“Our mobile dataset uses artificial intelligence threat engines to inspect 100,000 new apps every day and identify risky behaviours,” he said.
“On any given day, we auto-convict up to 10,000 malicious application threats, and this could include anything from the likes of Photo Lab to apps with surveillanceware.”
Security researchers recently issued a warning about the Photo Lab app NewProfilePic after a Russian website was discovered in its code, but Mr Tan said spy apps had become “alarmingly commonplace” due to the huge amounts of personal data stored on smartphones.
In addition to Israeli smartphone spyware Pegasus, which stole data from thousands of high-profile targets for foreign governments, mobile attacks have included spyware Hornbill and Sunbird that were disguised as security and news apps, and a Trojan called Flytrap hidden in a football app in the Google Play Store that stole the details of more than 10,000 Facebook accounts.
Check Point cybersecurity evangelist Ashwin Ram said some legitimate apps were also compromised with spyware after they’d been approved for use, making it even harder for users or tech giants to tell what was safe to download.
“This is what threat actors do — an app will go through the checks and balances of an app store and will get malicious code in subsequent updates,” he said.
“It’s a cat-and-mouse game. They’ll come up with new and innovative ways to infect victims and security researchers and organisations like Apple and Google will follow in trying to combat that.”
The tech giants also had to combat apps offered outside app stores, Mr Ram said, and attacks using software vulnerabilities.
Google, for example, this week warned of a zero-day attack on Android smartphones by surveillance company Cytrox that stole information using a flaw in Google Chrome and sold it to government-backed actors in countries including Egypt, Greece, Serbia and Indonesia. Three attacks were identified.
ESET Australia country manager Kelly Johnson said smartphone users were putting too much blind faith in apps, and should carefully scrutinise a program’s reputation and reviews before installing it on their most personal device.
“There’s not nearly enough concern. Who would accept an unknown substance from an unknown individual and keep it among their most personal possessions?” she said.
“Yet people willingly install unknown apps from unknown developers and authorise these apps to manipulate deeply personal information and images on the device they carry on them every step of the day.”
10 APPS RAISING CYBERSECURITY QUESTIONS
NewProfilePic: Security experts issued warnings over this avatar-creating app in May after a developer discovered it used a Russian website in its code and had ties to a Russian location. Developers deny wrongdoing.
Craftsart Cartoon Photo Tools: This Android app contained a Trojan called Facestealer that harvested Facebook account details in March and sent them to a Russian server, according to Pradeo. The app was installed by more than 100,000 users.
Process Manager: This Android app, discovered by Lab52 in April, contained spyware that accessed a phone’s microphone and camera, phone records and text messages.
Color Message: Promising new emoji, this app was removed from the Google Play Store after Joker malware was discovered inside it that subscribed users to premium SMS services without their consent. More than 500,000 users downloaded the app.
BeautyPlus: Installed more than 300 million times, this selfie-enhancing app contained “malware or spyware” and was suspected of collecting data on Chinese servers and selling it.
FaceApp: America’s FBI issued a warning about this popular Russian app, calling it a “potential counterintelligence threat”. The app used artificial intelligence to create avatars from user photos but officials were concerned data could be shared with the Russian government.
CamScanner: Malicious code was added to this popular PDF app in an update, according to Kaspersky, but it has since been removed.
ZombieMod: This game app tried to take more than the usual permissions, collecting Gmail usernames and passwords, according to Wandera. It was downloaded more than 50,0000 times.
Study the Great Nation: This app, issued by the Chinese Communist Party and downloaded more than 100 million times, promised information about China and leader Xi Jinping but security researchers Cure53 found it contained a backdoor to monitor and copy data on users’ phones.
Premise: This unusual gig worker app paid its users small amounts to take photos in public that it sold to clients including the US military.
Originally published as Smartphone spyware warning: why apps are becoming the next frontier in foreign espionage