Brand-Associated Malicious Apps on the Rise

Written by

The number of malicious apps piggybacking on famous UK brands has grown by 130% year on year, a new study has revealed.

RiskIQ examined apps that are owned by or leverage brands belonging to 45 of the UK’s top companies, spread across five verticals - banking, retail, media and entertainment, travel and online gambling.

In total, the research uncovered 107,367 brand-associated blacklisted apps; blacklisted apps are those which have failed a virus scan by one or more of the major virus vendors, or if it links to a page that is known to spread malware. That figure represents 43% of the total number of apps examined, and is a 131% increase over the last year.

Brand-associated apps are certainly on the increase, which is providing plenty of opportunity for cybercriminals to produce malicious apps that can fool people into thinking they are legitimate. RiskIQ discovered 248,701 brand-associated apps that appeared in 2016, a 63% increase on the year before. It’s also the equivalent of 5,805 mobile apps on average per brand.

In addition to this, the research also found that brands are spreading their apps far and wide. On average brands had apps in 80 different app stores, a 32% increase on the year-ago figure. Feral apps - those that can be found online but are not in any recognized app store - have increased by 165% in the last year.

These last two findings are particularly worrying because unofficial or unrecognized app stores can pose huge risks to consumers and businesses. They are often full of malicious applications that if downloaded can spread malware that can steal sensitive data from users. The problem is particularly severe for Android users, where the more open approach to downloading and installing apps puts users at greater risk.  

Ultimately however, companies should be doing more to protect the brands, according to Ben Harknett, VP EMEA, RiskIQ. “In our connected generation, we as consumers turn to our mobile apps for banking, gaming, shopping, travel advice and even to control aspects of our home such as the temperature or lights.

“This growing reliance comes with an expectancy that top brands will protect our digital existence. If a customer experiences malicious activity whilst using an app they think belongs to a business, the blame is sure to be placed on the brand itself – not on the rogue app. Organizations need to know what mobile apps are out there and which are putting businesses and their customers at risk."

What’s hot on Infosecurity Magazine?