Home > Blogs > Mobile Malware and Fake Apps: Hong Kong, China and The New York Times

For the past week or so, Hong Kong has erupted with peaceful demonstrations advocating for the ousting of the Chinese premiere and the right to peacefully and openly elect his replacement. While the Chinese premiere, Xi Jinping, looks to be going nowhere one thing has become clear - the mobile devices and Internet connections which helped to grow the nightly demonstrations are quietly suffering an inward meta problem - malware, viruses and fake applications.

As mobile platforms become more prominent and are used more robustly to organize, carry out financial transactions and conduct daily personal business, the time has come to address mobile malware and fake applications.

As reported by The New York Times on 10/2/2014 by Paul Mozur:

"The most recent salvo came to light on Tuesday, when Lacoon Mobile Security said that it has tracked the spread of a fake mobile application aimed at eavesdropping on protesters' communications. It what is known as a phishing attack, smartphone users in Hong Kong have been receiving a link on WhatsApp to download the software, along with a note: 'Check out this Android App designed by Code4HK for the coordination of Occupy Central.'"
"Code4HK, a community of programmers who have been working to support the democracy movement, had nothing to do with the applications, according to Lacoon."

The phishing virus in the form of a fake application has the power to, "gain access to personal data like passwords and back information, spy on phone calls and messages and track the physical location of infected smartphones." The article goes on to speculate while the origin of the phishing attach is unclear, most signs are pointing to the Chinese government.

In another article published by The New York Times by Molly Wood (also on 10/2/2014) titled, "Mobile Malware: Small, but Growing" Ms. Wood notes:

"A recent report by the security company McAfee said that there was a 197 percent increase in mobile malware from 2012 to 2013."
"The actual number of phones hit by mobile malware, however, is tiny. McAfee said one of the largest mobile infections it was tracking recently — a kind of malware that can lock your phone and all the data on it and hold it for ransom — had infected 20,000 to 40,000 mobile users in the United States."

While the actual number of phones hit and infected by mobile malware is currently tiny, industry experts believe the threat to be growing. Again, from Ms. Woods:

"Kevin Mahaffey, the chief technology officer at Lookout, said about 4 percent of its American users encountered one or more pieces of mobile malware a year. The numbers are much higher in Russia, at 63 percent, and China, at 28 percent, he said.
“On the scale of PC threats, that is lower,” Mr. Mahaffey said. “But it’s still something people need to be careful of.”
"But security companies like McAfee maintain that mobile malware is on the rise and that, while it might not be a major problem now, it’s a rising tide."
“We think the threat is real; we think it’s a growing threat,” said Gary Davis, McAfee’s chief consumer security evangelist. “We think there’s a laissez-faire attitude with consumers not giving it the same kind of attention they give other threats.”

It seems evident while mobile malware is currently a tiny segment of the ever expanding virus black market, the use of common fake apps phishing scams and mobile malware is on the rise.

This begs the question: With growing mobile malware threats, what can everyday consumers and businesses due to prevent and fight against growing mobile security concerns?

Stemming the Threat of Mobile Malware

All current evidence and testing points to acting responsibly. This is to say, to stem the rise of mobile malware, consumers and businesses should be careful about the source of all application downloads.

As seen by a security extensions within Mac and iOS platforms meant to block third party applications downloads from unknown sources and as seen by multiple Google Play Store applications designed to constantly scan your smartphone for any malware intrusions, the private market is churning out fixes for potential large-scale public headaches.

Going even further, Google recently released a system known as Verify Apps which has the express purpose of scanning downloaded apps to ensure their security. The basic idea here is simple: major service providers are quietly urging consumers and businesses to act responsibly while using their mobile devices. The current keys to security:

  1. Download apps from an approved app store - Google Play and/or Apple App Store

  2. Download app scanners to ensure all already installed apps are clean of malware or potentially virus ridden coding

  3. Common sense. If something seems fishy, stay away from it. Mobile providers, more than anything else, are pushing for common sense behavior. Stay away from risky items.

  4. Finally, and maybe luckily so, as noted by Ms. Woods:

    "But if you’re not a celebrity or a protester, and you’re not carrying corporate or government secrets on your device, it is certainly not your biggest computer security problem. And if you practice basic security hygiene on your mobile phone — good passwords, downloading apps from reputable sources and treating email on a phone with the same caution as on a computer — it is easily avoided."

    Remember, if you like this content and want to chat about it, you can reach me at the following social spaces:

Become an InformIT Member

Take advantage of special member promotions, everyday discounts, quick access to saved content, and more! Join Today.