Threat Intelligence Blog

This Friday is Valentine’s Day, and people’s hearts – and wallets – will ostensibly be open for love. Unfortunately, criminals and fraudsters know this, too, and are devising holiday-themed rogue mobile apps that can steal personal information and spread malware.

Security software vendor Bitdefender has reported several Valentine’s Day apps available on GooglePlay that are requesting more information and permissions than are needed to actually run them. The “Valentine’s Day 2014 Wallpaper” app can broadcast your location online and access your phone’s browsing history. The “Valentine’s Day Frames App” can read your mobile phone’s contact list, and the “Love Letters for Chat, Status” app has permissions that can allow it to add or change events on your mobile phone’s calendar, send emails to people without your knowledge, call numbers, and even change your audio settings.

Valentine’s Day Apps on the GooglePlay Store

While it may seem harmless, allowing your mobile apps to access more information than necessary can expose you to some risks. If your location is being continually broadcast, criminals and stalkers can see a pattern of where your phone is used and use it to burgle your home or worse. Likewise, a mobile phone’s browser history contains a lot of sensitive information that criminals can use. A criminal can find out which bank you use, what websites you visit, or other personal information that can be used to blackmail you or for future phishing attacks. Mobile app malware can be used to send unwanted ads, steal credentials to banking accounts, and more. And finally, a mobile phone’s contact list can be used for spamming, impersonation, or spoofing your emails.

Here are some additional tips for this Valentine’s Day:

  • Be wary of any emails or text messages sent to you offering free Valentine’s Day goodies. Make sure the link is going to the official website before clicking on it, or visit the retailer’s official website directly to find the deal.
  • Only download mobile applications from legitimate mobile app storefronts, such as GooglePlay, iTunes, and Windows Marketplace.
  • Make sure you know which permissions the app is asking for, and think twice about whether the app needs those permissions to operate.
  • Similarly, only disclose personal information that the app needs to operate.
  • Before you install any apps, read the reviews and comments on the app store to see whether anyone else has had problems with the app and to confirm that you’re downloading the legitimate version versus a “counterfeit” app.
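
For anyone vetting apps on behalf of others, the permission check in the tips above can be automated. The following is an added example, not part of the original post: it reads an app manifest and reports every permission requested beyond what the app's category needs. It assumes the manifest has already been decoded to text XML; the per-category baseline, the sample manifest and the package name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions behind the capabilities the post describes, in plain language.
RISKY = {
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "browsing history",
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.WRITE_CALENDAR": "add/change calendar events, email guests",
    "android.permission.CALL_PHONE": "call numbers directly",
    "android.permission.MODIFY_AUDIO_SETTINGS": "change audio settings",
}

# Assumption (hypothetical baseline): what each app category plausibly needs.
BASELINE = {
    "wallpaper": {"android.permission.SET_WALLPAPER", "android.permission.INTERNET"},
    "photo_frames": {"android.permission.WRITE_EXTERNAL_STORAGE"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        names.update(el.get(ANDROID_NS + "name") for el in root.iter(tag))
    return names - {None}

def audit(manifest_xml, category):
    """List (permission, concern) pairs requested beyond the category baseline."""
    extra = requested_permissions(manifest_xml) - BASELINE[category]
    return sorted((p, RISKY.get(p, "outside baseline, review manually")) for p in extra)

# Constructed sample manifest for a wallpaper app (not taken from any real app).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.valentinewallpaper">
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="com.android.browser.permission.READ_HISTORY_BOOKMARKS"/>
</manifest>"""

if __name__ == "__main__":
    for permission, concern in audit(SAMPLE_MANIFEST, "wallpaper"):
        print(f"{permission}: {concern}")
```

Permissions missing from the `RISKY` table are still reported, so an unfamiliar request is flagged for manual review rather than silently passed.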

Learn more about our mobile application monitoring and takedown services to see how we can help your organization find and remove bad apps that may be misusing your brand name.
