Home | Tech | New security risk for midmarket CIOs: Mobile app malware

New security risk for midmarket CIOs: Mobile app malware

By
Font size: Decrease font Enlarge font
New security risk for midmarket CIOs: Mobile app malware

With more smartphones shipping than PCs, mobile ad networks open up the perfect backdoor for downloading code

Asian cybercriminals have figured out an unusual way to use the architecture of a mobile ad network to siphon money from their victims.

The new method represents another step in the evolution of mobile malware, which is booming with more smartphones shipping than PCs.  Mobile ad networks open up the perfect backdoor for downloading code.

"It's a very, very clean infection vector," said Wade Williamson, a senior security analyst at Palo Alto Networks who discovered the new trickery.

In legitimate partnerships between ad distributors and developers, the latter embeds the former's software development kit (SDK) into the app, so it can download and track ads in order to split revenue.

Unfortunately, how well developers vet the ad networks they side with varies from one app maker to another. If the developer does not care or simply goes with the highest bidder, then the chances of siding with a malicious ad network is high.

Wiliamson found one such network's SDK embedded in legitimate apps provided through online Android stores across Asian countries, such as Malaysia, Taiwan and China. Once installed, the SDK pulls down an Android application package file (APK) and runs it in memory where the user cannot easily discover it.

Read more...

 

Join PRESIDENT&CEO on LinkedIn

Subscribe to comments feed Comments (0 posted)

total: | displaying:

Post your comment

  • Bold
  • Italic
  • Underline
  • Quote

Please enter the code you see in the image:

Captcha