
Threat intelligence to help you avoid toxic rogue mobile apps

August 23, 2017


Image courtesy of BBC News: “How did my dad’s Uber account get hacked?”

Sometime around July 6, 2017, ABC News Brisbane reporter Josh Bavas received a 2 a.m. notification that someone had just accessed his Uber account in Los Angeles and, shortly after, someone in Moscow. (He was in Australia.) He tried to get into his account to see the problem, but he had been signed out and his password changed.

In a similar story back in May 2015, BBC News explained: Fraudsters change the phone number or email address to prevent the account holders from immediately realizing they’ve been hacked.

Uber claims it found no evidence of a breach, suggesting that perhaps the breach was actually done on the individual smartphone. Sadly, over the past two years thousands of Uber accounts across the globe—the UK, the United States, and Australia—have been continually hacked from deep web sources.

After 2 long years of PR struggles and bad press, of which Rogue Mobile App fallout was only a part, Uber CEO Travis Kalanick resigned in June of 2017.


Experts are seeing an upswing in the amount of rogue and fake mobile app activity these days. The fact is, it’s easy to do. From a criminal perspective, these apps are cheap to fake, and today’s distracted smartphone users are just not that aware or careful.

The device itself facilitates this type of fraud. That’s because the size of the display can make it difficult to distinguish a counterfeit logo or brand design, where details are blurred and forgeries harder to detect.


So how do mobile apps go rogue?

Sadly, the answer is quite simple—Malware. One reason the Uber hijack has ginned up so much frustration has been the subsequent difficulty canceling accounts once they’ve been hacked.

This Uber hijack is only one instance of a mobile app gone rogue.

Some apps actually come to the consumer already rogue. And, a graphically pristine download page is no guarantee of authenticity. They don’t all look like shady knock-offs from a questionable website.

On August 14th, SC Magazine UK reported that a horrifying 1000+ apps in the Google Play store contained SonicSpy spyware. That said, Google does a consistent job of policing its inventory. This, apparently, just happened to be a really bad month.

SonicSpy malware can execute up to 73 stealthy, remote commands without the phone owner being any the wiser. These tasks include:

  • Taking photos
  • Making calls
  • Sending texts
  • Stealing contacts

It’s enough to give a phone owner the creeps—and, not much better for the organization looking to protect intellectual property.


Arming your organization

How does an organization protect itself against Rogue Mobile Phone Apps, especially at a time when BYOD is so prevalent? New phones across the board may not be a viable solution due to potential expense and disruption.

So what can an organization do to mitigate this risk?

Image Courtesy Waterford Bank

Monitor security activity on your current apps. Blueliv offers an Enterprise Threat Intelligence Solution module specifically targeting Rogue Mobile Apps.

This targeted module can send integrated notifications through your current security dashboard of activity surrounding newly published apps.

The Rogue Mobile App module allows your security team to get on top of potential situations quickly. Speed is critical because, like in the situation with Uber brand abuse, the faster you respond, the greater your potential to avert problems.


Learn to identify and avoid Rogue Mobile Apps


1. False apps

Back in January of this year, SecurityWeek reported that Zscaler Security found a fake Netflix app installing a Remote Access Trojan that took control of Android devices. Sometimes you can tell you’re looking at a fake just by looking at the logo.

The address in the “from” line shows you this is a counterfeit even if the logo design and font are too close to call.


Courtesy Device Geek Blog


2. Infected apps

As those 1000+ apps in the Google Play Store with a SonicSpy infection show, you should not be fooled by the trustworthy appearance of your app store.

Their developers may have built apps on risky code.

You need a way to monitor activity that will inform purchasing decisions.


3. Modified apps

Google Play checks for IOCs like the theft of pictures and contacts to isolate telltale behaviors.


4. Copied apps

This form of Brand Abuse falls into the territory of intellectual property. In March, Redcode reported that Facebook had allegedly cloned Snapchat’s photo montage feature. Whether this is true is up to the courts. That said, brand abuse doesn’t just come from deep web criminals. It can come from big name competitors, and having alerts can mitigate problems.
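
One way a security team could triage a feed of newly published listings for the false and modified categories above, as an added example that is not Blueliv's code or part of the original article. The brand record, store names, feed entries and certificate strings are all constructed, and treating a signing-certificate mismatch on the official package name as the mark of a modified app is an assumption of this example.

```python
import re
from difflib import SequenceMatcher

# Constructed reference record for a hypothetical brand; all values are placeholders.
OFFICIAL = {"name": "ExampleRide", "package": "com.exampleride.app",
            "cert": "CONSTRUCTED-CERT-OFFICIAL"}
LOOKALIKES = str.maketrans("0135", "oles")  # digit-for-letter swaps used in fake names

def normalize(name):
    """Lowercase, undo digit swaps, drop spacing, digits and punctuation."""
    return re.sub(r"[^a-z]", "", name.lower().translate(LOOKALIKES))

def resembles_brand(name, threshold=0.8):
    """True if the listing name contains the brand or is a near-typo of it."""
    brand, candidate = normalize(OFFICIAL["name"]), normalize(name)
    if brand in candidate:
        return True
    return SequenceMatcher(None, brand, candidate).ratio() >= threshold

def triage(listing):
    """Classify one marketplace listing against the official record."""
    if listing["cert"] == OFFICIAL["cert"]:
        return "official"   # signed with the brand's own key
    if listing["package"] == OFFICIAL["package"]:
        return "modified"   # official app id, but signed by someone else
    if resembles_brand(listing["name"]):
        return "false"      # brand-like name from an unknown publisher
    return "unrelated"

# Constructed sample feed: (store, listing name, package id, signing cert).
ROWS = [
    ("official-store", "ExampleRide", "com.exampleride.app", "CONSTRUCTED-CERT-OFFICIAL"),
    ("official-store", "Examp1eRide - Free Rides", "com.rides.free", "CONSTRUCTED-CERT-B"),
    ("third-party-store", "ExampleRide", "com.exampleride.app", "CONSTRUCTED-CERT-C"),
    ("third-party-store", "ExampelRide", "com.exampelride.app", "CONSTRUCTED-CERT-D"),
    ("official-store", "City Bus Times", "org.citybus.times", "CONSTRUCTED-CERT-E"),
]
FEED = [dict(zip(("store", "name", "package", "cert"), row)) for row in ROWS]

def alerts(feed):
    """Return (store, name, verdict) for every listing that needs review."""
    verdicts = [(item["store"], item["name"], triage(item)) for item in feed]
    return [v for v in verdicts if v[2] in ("false", "modified")]

if __name__ == "__main__":
    for row in alerts(FEED):
        print(row)
```

Metadata checks like these cannot see the infected case, where a listing from a legitimate-looking publisher carries spyware in its code.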


Final Thoughts

Rogue Mobile Apps are nothing new, and frankly, as long as there are criminals looking to make quick money, they’ll be here to stay.

Businesses need to prepare themselves ahead of time for potential problems that come from Mobile App hijackings. It’s easy from the safety of an armchair to point an accusing finger at Uber and hypothesize how this hijack could have been prevented.

Rogue Apps boil down to brand abuse. The toll an event like Uber can take on an organization can be devastating—lost business and trust. But that doesn’t have to be the case for your business. You can protect your privacy and your assets.

If you’d like to learn more about the Blueliv Enterprise Threat Intelligence solution and get the right tools for your business security in place, contact us now.

One of our analysts will be happy to explain how you can get alerts delivered right into your existing security system.


Rogue Mobile App

The Blueliv Rogue Mobile App Module helps you to identify false, infected, modified, or copied apps—as well as apps performing brand abuse activities. Now you can detect rogue applications that bear your name when they are uploaded to a marketplace, as well as illegal mobile apps that are being publicly published without your organization’s authorization.
