Don’t Let Malware Sneak Into Your Phone: 3 Things To Do When Downloading a New Game
JANUARY 25, 2016 • Blog Post • By Sue Poremba, HPE Matter contributor
IN THIS ARTICLE
- Malware developers are taking advantage of the huge volume of apps in app stores, masking malicious code in credible sources
- Users should also be wary of popular game spoofs that trick users into downloading a malicious version
Security experts share advice on how to avoid cyber attacks when gaming
Security experts have long encouraged smartphone and tablet users to download their apps from legitimate and verified sources: official app marketplaces like the App Store or Google Play, or directly from the app developer’s site. Stay away from third-party markets, the experts warned, because those apps aren’t monitored and could contain malicious software.
Malware developers, however, are smart people, and in the past year they’ve managed to bypass the app-vetting process and are delivering malware-infected apps into official OS-related marketplaces. This is especially a problem for gaming apps.
Android has long had issues with malware making it through to Google Play because the vetting process isn’t as strenuous as the one for Apple. That doesn’t mean Apple users can be complacent. In the fall, malware was found in nearly 100 apps in the App Store.
What’s causing this malware?
So what is the deal with the malware explosion in gaming and music apps? There are several things at play here, according to Mark Parker, senior product manager at iSheriff. First is the sheer volume of the apps now available.
“The large volume of new apps being submitted every day, coupled with the plethora of existing apps needing upgrades, equals millions of lines of code,” says Parker. Even though the stores are vetting the apps for malware, it isn’t feasible to go through each line of code. Malware developers are taking advantage of this and are improving the ways they mask code.
Malware developers are also taking advantage of less advanced app users—those who are just interested in downloading a fun distraction and aren’t focused on security or the permissions the app requests. They can easily bury malware in these apps and spread it because users just aren’t paying attention.
There’s a difference between Angry Birds and Flappy Bird?
Finally, malware developers often clone popular games to trick users into downloading a malicious version. The developers generate SEO keywords that mimic the popular game and use similar art styles. The popular Flappy Bird game was a victim of such a spoof as malware developers created clones that posed as extensions or sequels to the original game. This malware took over the user’s phone, making spam phone calls and text messages and/or downloading other apps without permission.
“There has been a recent rash from Brain Test malware, with apps like Jump Planet, Just Fire, Tiny Puzzle, Hot Planet, Cake Tower, Crazy Block and several others found in the Android app store,” says Parker.
Once malware is installed, it has access to everything, from data in all apps to any data keyed into the device. For an employee using a personal phone for work, an app that was meant for free-time entertainment could be stealing information from email or corporate documents.
3 ways to avoid gaming app malware
- Over the past year, ransomware has become more prevalent in mobile entertainment apps, says Steve Lowing, director, product management at Promisec, and it is getting more advanced with each new introduction. Having a backup of any data accessed on mobile devices is absolutely necessary; otherwise, everything on your device could be locked and gone forever.
Having anti-malware software downloaded on the device is a good place to begin malware protection, but the software won’t catch everything. Both Lowing and Parker recommend sticking with the official app marketplaces for downloads, as they are still the safest option.
- At the same time, you may want to consider the “freemium” model. “Free apps offer ads that could trigger the end user to go to a malicious third party location to download malware,” says Lowing. Upgrading to a paid version of a game or music app often eliminates ads altogether, and in turn, lessens the risk of malware infection.
- Lastly, says Parker, look at the rating. Most of these types of apps will have a large number of very positive ratings that are fake, and then a very large number of real, very critical ratings. There will be very few mid-grade ratings. “Read the critical ratings,” he said. “If users are making legitimate complaints, that should concern you.”
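The clone warning and Parker's ratings check can be turned into a small triage script for anyone reviewing store listings, for example before approving an app for work phones. This is an added example, not code from the article or its sources; the known-title list, filler words, thresholds, field names and listings are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# Assumptions: reference titles, publishers and filler words are placeholders.
KNOWN_TITLES = {"flappy bird": "original-dev"}
SEQUEL_WORDS = {"new", "season", "free", "pro", "hd", "returns", "sequel"}

def normalise(title):
    """Lower-case and drop digits, punctuation and sequel/filler words."""
    words = re.sub(r"[^a-z ]", " ", title.lower()).split()
    return " ".join(w for w in words if w not in SEQUEL_WORDS)

def lookalike(title, publisher, threshold=0.85):
    """Return the known title this listing imitates, or None."""
    name = normalise(title)
    for known, owner in KNOWN_TITLES.items():
        close = SequenceMatcher(None, name, known).ratio() >= threshold
        if (known in name or close) and publisher != owner:
            return known
    return None

def polarised(stars, extreme_min=0.25, mid_max=0.10):
    """True when 1-star and 5-star shares are both large and 2-4 stars are rare."""
    total = sum(stars.values())
    if not total:
        return False
    low, high = stars.get(1, 0) / total, stars.get(5, 0) / total
    mid = sum(stars.get(s, 0) for s in (2, 3, 4)) / total
    return low >= extreme_min and high >= extreme_min and mid <= mid_max

def triage(listing):
    """Collect the reasons a listing deserves a closer look."""
    reasons = []
    hit = lookalike(listing["title"], listing["publisher"])
    if hit:
        reasons.append(f"title resembles '{hit}' but publisher differs")
    if polarised(listing["stars"]):
        reasons.append("ratings split between 1 and 5 stars; read the critical ones")
    return reasons

# Constructed sample listings, not real store data.
LISTINGS = [
    {"title": "Flappy Bird 2: New Season", "publisher": "unknown-dev-01",
     "stars": {1: 480, 2: 15, 3: 10, 4: 20, 5: 475}},
    {"title": "Flappy Bird", "publisher": "original-dev",
     "stars": {1: 50, 2: 80, 3: 200, 4: 400, 5: 270}},
]

if __name__ == "__main__":
    for item in LISTINGS:
        print(item["title"], "->", triage(item) or "no flags")
```

A flag is a prompt to read the reviews and check the publisher, not a verdict that the app is malicious.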