Why tens of thousands of Android users in the UAE fell victim to vicious malware

Mobonogram, which was available for download earlier this year, described itself as a super-charged version of the Telegram messaging app – but the app did much more than people bargained for

Some apps can have evil intentions, while also being masters of disguise. Mobonogram, which was available for download earlier this year, described itself as a super-charged version of the Telegram messaging app with “more features than other unofficial versions”.

In the first six months of 2019, it was downloaded to more than 100,000 Android devices – the majority of them in the UAE and Iran – but the app did much more than advertised. Users found that their phones became sluggish, as code within the app made calls to malicious websites and displayed adverts featuring fake offers.

And it was only outed as a virus in Symantec research published this month. But Mobonogram is just one example of PHAs, or Potentially Harmful Apps, which are rife in the Android ecosystem. The makers of PHAs are criminals; those of us who download them are the unfortunate victims.

It's a minefield out there: beware of the viruses

A two-year-long study that was recently published by the University of Sydney attempts to quantify the extent of the problem. Focusing on a set of about 50,000 apps that were masquerading as other popular apps, researchers found that 2,040 of them had malware, 1,565 potentially compromised security, and another 1,407 had suspiciously large amounts of advertising. That adds up to over 5,000, around 10 per cent of the set. "A number of problematic apps have slipped through the cracks and bypassed automated vetting procedures," said a co-author of the study, Dr Suranga Seneviratne.

The dangers of malware on computers have been apparent for many years, but this newer strain of smartphone malware poses additional risks, according to Lukas Stefanko, a researcher at cybersecurity firm Eset. "For many users, their smartphone is online almost all day and never off," he says. "And once a smartphone is infected, malware can access more sensitive personal information than is available on a PC."

As with most malware, its purpose is to make money for the criminals behind it, and a number of nefarious techniques are used by PHAs. Many of them launch without warning every time the phone or tablet is started up. Apps such as Mobonogram browse a list of malicious sites, while others collect usernames and passwords, or display a relentless sequence of advertisements in an attempt to rake in revenue. Some apps pursue your money directly. The past two months have seen a number of Android apps posing as digital wallets or trading platforms in an attempt to steal cryptocurrencies, emptying accounts as soon as passwords have been provided. Last year Indian smartphone users encountered a variety of malicious apps pretending to be banking services, requesting PINs, passwords or credit card details in order to ransack the accounts of anyone who downloaded them by mistake.

Apple might be safer than Android when it comes to malware

You might hope that these apps could be blocked before they ever reach our devices, but while Apple only allows those that are carefully vetted to be installed via its App Store, Android phones permit you, after an initial warning, to download from other sources. One of those, 9apps (owned by Chinese tech giant Alibaba), was found earlier this month to be hosting malware-infested apps, which, when downloaded, replace other apps on your device with fake versions that look identical. On Google Play, there is an ongoing battle to remove PHAs with malware hidden in encrypted code, or timed to activate long after they've been installed. "Android has a bigger market share than iOS, and because of that it becomes more attractive for the bad guys," says Stefanko. "But it's also an open platform, and that will always bring the possibility of loading apps from unknown sources."

Apple is by no means immune. At the end of last year, an unauthorised app for setting up Amazon's Echo smart speaker found itself in the top 10 utilities, and was later found to collect an alarming amount of personal data. But both Apple and Google strive to provide a first line of defence against PHAs, and the latter in particular is keen to assure us of its commitment to safety. Google Play Protect, launched in 2017 and built into every device with Google Play, scans more than 50 billion apps a day across 2 billion devices, checking for malware and removing it. But the sheer size of the platform means that the threats are relentless. About 165 billion Android apps were installed in 2018; Google's figures suggest that only 0.042 per cent of those installed were PHAs, but that multiplies up to a staggering 70 million installations.

So how do we prevent our technology from becoming infected?

Given the nature of the threat, it's down to us to mount a vigilant second line of defence. The first step, says Stefanko, is not to download Android apps from outside Google Play. "Installing software from different sources is a bad habit that many Android users carry from Windows PCs," he says. "If someone decides to install a third-party app after being warned not to, you can't blame Android."

But deception is rife in authorised app stores, and we can easily be fooled. Fake apps use identical icons to the app they're mimicking. Others position themselves in search results for phrases like "how to update my phone" in order to take advantage of people who aren't familiar with technology. And some apps prey on human impatience, perhaps our inability to wait for the release of a game – or, in the case of Mobonogram in the UAE, the fact that an app isn't available in our territory. "Most of these attacks are based on false promises," says Stefanko. "Unfortunately, we can't always tell if the app is harmless or not." The best advice from experts is to keep system software up to date, not to download apps from unfamiliar places, and just be aware that these threats are very real.