RiskIQ analyzed 120 mobile app stores and more than two billion daily scanned resources. The findings showed that taking advantage of the popularity and volatility of the cryptocurrency landscape is paying off for threat actors via the mobile attack vector and that malicious apps leveraged by nation-state actors are becoming more prominent.
In Q1 RiskIQ issued an alert, warning of blacklisted apps masquerading as, or associating themselves with Bitcoin exchanges, Bitcoin wallets, or just cryptocurrency in general. These are indicative of the rise of digital currencies and their attractiveness as an income stream for both crooks and legitimate businesses.
The RiskIQ Q1 Mobile Threat Landscape Report also showed that malicious mobile apps continued to decline, despite the number of total apps observed by the company. The last four quarters have increased by hundreds of thousands. In Q1, 21,948, or 1.4%, of the total of 1,508,825 newly observed apps were blacklisted, which is a lower percentage than in the previous four quarters.
The numbers of blacklisted feral apps declined for the fourth-straight quarter, from 3,507 in Q4 2017 to 1,981 in Q1 2018, but still represents a significant portion of all blacklisted apps; forty-six percent of feral apps were blacklisted in Q1 2018.
Meanwhile, Google hosted 8,287 blacklisted apps in Q1, which is consistent with previous quarters and outpaces the next most blacklisted store, AndroidAPKDescargar, by 4,595. Although the Play Store consistently had high numbers of blacklisted apps between Q3 2017 and Q1 2018, its rate of blacklisted apps has hovered around a relatively modest five percent.
The report found that many blacklisted apps shared several of the same permissions. Eighty-six percent of apps blacklisted in Q1 claimed the READ_SMS permission, which allows the app to read messages and can be used for any number of nefarious purposes, including circumventing two-factor authentication.
Most of the apps that can read messages can also track location, read and write to the call log, generate alert windows, change settings and other dubious requests. Among apps blacklisted in the Google Play Store, 1,207 access the phone’s camera, nearly 800 of which also record location data and about 600 record audios.