Threat Intelligence Blog

Posted February 10, 2014

This Friday is Valentine’s Day, and people’s hearts – and wallets – will ostensibly be open for love. Unfortunately, criminals and fraudsters know this, too, and are devising holiday-themed rogue mobile apps that can steal personal information and spread malware.

Security software vendor Bitdefender has reported several Valentine’s Day apps available on Google Play that are requesting more information and permissions than are needed to actually run them. The “Valentine’s Day 2014 Wallpaper” app can broadcast your location online and access your phone’s browsing history. The “Valentine’s Day Frames App” can read your mobile phone’s contact list, and the “Love Letters for Chat, Status” app has permissions that can allow it to add or change events on your mobile phone’s calendar, send emails to people without you knowing, call numbers, and even change your audio settings.

Valentine’s Day Apps on the Google Play Store

While it may seem harmless, allowing your mobile apps to access more information than necessary can expose you to some risks. If your location is being continually broadcast, criminals and stalkers can see a pattern of where your phone is used and use it to burgle your home or worse. Likewise, a mobile phone’s browser history contains a lot of sensitive information that criminals can use. A criminal can find out which bank you use, what websites you visit, or other personal information that can be used to blackmail you or for future phishing attacks. Mobile app malware can be used to send unwanted ads, steal credentials to banking accounts, and more. And finally, a mobile phone’s contact list can be used for spamming, impersonation, or spoofing your emails.

Here are some additional tips for this Valentine’s Day:

  • Be wary of any emails or text messages sent to you offering free Valentine’s Day goodies. Make sure the link is going to the official website before clicking on it, or visit the retailer’s official website directly to find the deal.
  • Only download mobile applications from legitimate mobile app storefronts, such as Google Play, iTunes, and Windows Marketplace.
  • Make sure you know which permissions the app is asking for, and think twice about whether the app needs those permissions to operate.
  • Similarly, only disclose personal information that the app needs to operate.
  • Before you install any apps, read the reviews and comments on the app store to see whether anyone else has had problems with the app and to confirm that you’re downloading the legitimate version versus a “counterfeit” app.

Learn more about our mobile application monitoring and takedown services to see how we can help your organization find and remove bad apps that may be misusing your brand name.
