Taylor Swift, Trump and Bieber – three names you don’t often hear in the same sentence. So why has this trio grabbed our attention at Wandera? Well, their names are all linked to Android applications that contain forms of malicious software.
With McAfee recently releasing a list of the most dangerous celebrities to search online and Gartner predicting that more than a quarter of attacks on companies will involve connected devices by 2020, we decided to investigate which celebrity inspired apps are most dangerous to install onto your mobile device.
Donald Trump. Arguably the most powerful person in the world. When he’s not denying climate change or blasting people on Twitter, he’s unknowingly inspiring developers to make Trump-based recreational apps. All fun and games? Not quite.
On the surface, these apps look harmless, but in July we learned that over two million users have already fallen victim to malware downloaded from the official Google store. With over a thousand apps Trump-based apps available in the play store alone, we thought we thought we’d investigate. From Flappy Trump and Trump’s Hair Salon, to Whack-a-Trump and Dump on Trump – there’s a game to satisfy every mood.
We looked at a sample of these apps and found that 26 of them had a strain of malware concealed within them, ranging from Adware and Ransomware, to rooting malware and Spyware. An unusual subject to target, but an effective one.
The concept of entertainment drives the user to download and within seconds they’ve installed a damaging piece of software to their phone that has no real need to be there. For those installing the applications onto their corporate devices, the potential cost could be huge. After infecting a device, Ransomware encrypts the files making them impossible for users to access – usually demanding payment in order to decrypt them or return them to the user.
Apps to look out for: Trump Dash, Punch The Trump, Talking Donald Trump
Bieber, it’s too late to say you’re sorry
Trump isn’t the only one, Beiber and Taylor Swift were both linked to malicious apps, but Bieber took first place. Out of the 920 Bieber-themed apps we analyzed in the Play Store, an astounding 11% of them had a type of adware or SMS malware hidden within.
In a sea of Trojans, Ransomware and Spyware – ‘SMS malware’ doesn’t sound that threatening, but don’t be fooled. Last month Google ejected 50 apps from its Play store that were harboring the SMS malware dubbed ‘ExpensiveWall’. The Malware, which was downloaded between 1 million to 4.2 million times, employed various techniques to lure in its victims.
The application carries a payload that registers victims for paid online services and sends premium SMS messages from a user’s phone, leaving them to pick up the bill. Once installed the malware can perform a number of actions, wreaking havoc with the infected devices. Once the malware has full control of the device it can do anything from monitoring and controlling the device via a backdoor, to intercepting two-factor authentication codes sent by online banking apps.
Apps to look out for: Hot Taylor Swift, Taylor Swift Puzzle, Save Bieber, and Justin Bieber Lyrics
Mobile malware 101:
If you’d like more insight into the prevalence of different strains of malware and how they can affect your device, download our mobile malware report. But for now, here’s a quick breakdown for you:
Malware that ‘roots’ the device, unlocking the operating system and obtaining escalated privileges.
A strain of malware that aims to steal your banking credentials.
Like the name suggests, these demand money from users, and in return, agree to release either the files or the functionality of the devices being held to ransom.
Malware that manipulates your texts resulting in SMS charges, the account holder usually doesn’t realize until they receive their next bill – ouch.
Malware that hides within a piece of seemingly innocent, legitimate software.
Again, it does what it says on the tin. Spyware monitors and records information about users’ actions on their devices without their knowledge or permission.
Don’t let them get the upper hand
You might not be careless enough to be charmed by a gimmicky app, but you can still be vulnerable to malware hidden within reputable sources. Most of the time you’ll be safe downloading apps from the Play Store, but look out for cloned apps from unknown developers, or applications that don’t do what they say they do in their description.
Wherever you’re installing an app from, check its required permissions before hitting install. Don’t allow an app to get admin permissions which prevent it from being deleted. Be to sure to check what the application is asking for – does a photo editor really need to access your contacts? It’s always good to check reviews and browse the developer’s website to see whether it’s a genuine operation.
Finally, keep your software up to date. Security patches are released for a reason – to fix security vulnerabilities and improve the usability and performance of your device.