Every day, more and more low skilled criminals and cyber hackers are aiming for innovative ways to crack into your personal device. Beyond the traditional methods, such as fake emails or deploying viruses in websites, hackers are starting to make more bold moves in the name of illicit cyber-attacks.
The newest trend for malicious attacks, called mobile app collusion, has been hiding in plain sight on personal devices. This method involves a cybercriminal deploying two or more apps to a device. One app serves as the entry point into a person’s private information, using permissions and access granted by a user. The first app is initially trusted by the user and allowed to access different information on the personal device. Vital data such as location, bill information, payment apps, social security numbers, photo albums, and email accounts are most commonly accessible areas for the first app. The second app serves as a getaway car, which funnels the information collected by the first app onto a safe point where the information is then gathered by the criminal group. These criminals use the malicious apps to hide in plain sight of a user and creates a facade of a safety net.
Some of the apps used within this new method of mobile app collusion are being done so without the knowledge of the app developers or the operating systems. Many apps are also victims themselves in the war against malware. Cybercriminals tend to target apps that have not been updated to the latest version and use this as an opportune window into a personal device. Since the app has not been updated with latest security updates, hackers can deduce that users trust the app enough to leave the app on their phone with little attention or notice. Perfect for hiding in plain sight.
Apps that deal directly with sensitive or financial information, such as banking apps, are the most highly prized for these cyber criminals. The most commonly targeted apps for mobile app collusion are usually utility applications that tend to have fewer updates. Health monitoring, bill payment, and video streaming applications are all vulnerable to being hijacked by an outside hacker. With mobile malware on the rise and increases quarter after quarter of new malware in the tech field, being aware of the enemy is the first line of defense.