Thanks to the work of dedicated researchers unpacking the delicious Hacking Team treasure trove of leaked data, and this excellent Forbes article, we now know that Hacking Team's malicious offerings extended beyond web exploits into the mobile channel. Publicized among Hacking Team's service offerings was the advertised capability to get malicious apps into the Google Play and/or Apple iTunes app stores. The goal: allow Hacking Team customers - primarily nation states - to target individuals with malicious mobile applications served up from these "trusted" app store sources.

Anyone browsing Apple’s App Store or Google Play should be careful about what they download. It might just be sophisticated, stealthy malware written by coders at “notorious” Italian surveillance company Hacking Team that works with the likes of the FBI, the Drug Enforcement Agency and umpteen other global government agencies, some of which have questionable records on human rights.

Amongst 415GB of documents leaked by the Hacking Team hackers this weekend were two pricing lists, which included mobile surveillance offerings delivered via the App Store and Google Play. The first list promised a “dedicated, valid Android app published on the Play Store… that can be used to infect a controlled number of target devices” for €160,000 ($175,000). The offer for the New York attorney, drafted in April this year, was far cheaper and provided more, costing $60,000 and offering a malicious app for Apple’s App Store as well as Google’s market.

If pseudo-legitimate companies like Hacking Team were offering these capabilities to bypass the store controls at leading app stores like Play and iTunes, think what the efforts of dedicated threat actors conducting outright cybercrime can produce. Simply put, a surprising number of outright malicious applications are distributed by these "trusted" app distribution channels. One of our customers - CISO of a F500 Insurance Company - recently articulated that mobile app stores are "a landscape that lacks conventional sensors." Without visibility, you and your brand are at risk.

At RiskIQ we recently released findings that as many as 40k potentially dangerous Android-based mobile banking apps exist in dozens of mobile app stores around the globe. In the findings we discovered manipulated versions of branded banking apps, third-party developed financial services apps, bank account login aggregators, etc.