It’s no secret that we have an ongoing love affair with our smartphone apps. Whether it’s Angry Birds, Periscope, or those irritating health apps we download on New Year’s Day and then curse every time they remind us to exercise, it’s clear that we have become addicted to our apps. But for every app that entertains us or simplifies our daily lives, there is an app designed to infect our phones and tablets with malware: an app whose sole purpose is to steal our personal data so it can be exploited by criminals and hackers.
To be fair, many of these apps are easy to spot in the wild, and if you’re careful to only download software from reputable sources, odds are good that you can avoid the worst of them. But cyber criminals are crafty, and when they create counterfeit apps that mimic those we know and trust, even the best of us can be fooled. That’s the scenario playing out right now in the Microsoft App Store, where scammers have been passing off faked versions of some of our favourite apps.
Hiding in Plain Sight
Avast, a leader in online security, has discovered more than 50 fraudulent apps being offered through Microsoft’s App Store. The counterfeit apps have been designed to look like a variety of popular smartphone applications, most notably Facebook Messenger, WhatsApp, and the BBC News App. The majority of these apps have been designed to collect the user’s data so that they can then be targeted by unwanted pop-ups and advertisements. A few of the apps also divert users to web pages that force them to make an online purchase. Two coders, identified as Ngetich Walter and Cheruiyot Dennis, are said to be responsible for the creation of these apps and their appearance in the Microsoft Phone Store. A wide variety of apps are said to have been targeted, including WhatsApp Funny Status, CNN World News, BBC Sport Highlights, M-Tunes, and Bet365.
An Ongoing Problem for Microsoft
This is not the first time that Microsoft has fallen prey to hackers and cyber criminals. According to Avast security blogger Filip Chytry, the Windows App Store is becoming “an increasingly popular platform for bad guys”. Google and Apple have been steadily increasing security protocols in their app stores, making them more and more difficult for hackers to infiltrate and exploit. “As a result”, writes Chytry, “a less widely used, third party app store such as Windows Phone Store is an ideal place for a hacker to hunt for a security loophole.” The problem is exacerbated by the fact that most users fail to report bad apps, even when they are clearly fraudulent. Consequently, it takes time for the counterfeit apps to be discovered and removed from circulation.
How to Protect Yourself from Counterfeit Apps
While it is not always possible to avoid a fraudulent app, there are some warning signs that can at least minimize your risk. First, check out the developer and look for other apps that they have designed and marketed. Of course, if the app is a counterfeit, the hackers may have been able to fake the developer’s ID, so this should not be the only method of verifying an app’s authenticity. Second, read the online reviews. Again, this is not foolproof, but it can be a good indicator when assessing an app prior to download. Finally, look at the size of the app. If it seems small for what is being offered, there is a good chance that it’s a fake, and only contains enough data to infect your device. Of course, it’s probably not possible to avoid every scam, but these tips can greatly reduce the risk.
The infiltration of the Windows App Store is not unique to Microsoft, though their current security policies may in fact have made them more vulnerable to attack. As detailed in a recent article on the MobilePhoneDeals.uk blog, Apple themselves have had similar troubles with the recent XcodeGhost attack, in which hackers were able to hide malicious software in popular, and otherwise innocent, smartphone apps. That proved to be a major embarrassment for Apple, and one that should be a lesson to other tech firms offering third-party apps. It is no longer enough to test and verify the clearly suspect apps; they must also test submissions from seemingly trustworthy sources. Hopefully, it is a lesson that Microsoft has taken to heart.