If Cloak and Dagger fell into the wrong hands, it could be used to launch large-scale attacks before a store operator such as Google managed to pull the offending apps. The damage from such an attack would make clear how dangerous these counterfeit and malicious applications can be.
Precaution against Malware Loaded Apps
In the past, malware-laden apps were largely confined to unofficial sites and portals, visited mainly by users who had removed their devices' safety restrictions (by jailbreaking or rooting them) in order to unlock extra functionality. The other group drawn to such sources was users in regions where an app had not yet launched; that was common during last summer's Pokémon Go craze, when the game was released country by country.
As a precaution against such attacks, developers and platform owners insist that users keep their devices in their default security configuration and install software only from trusted, approved app stores.
In recent years, however, these precautions have been failing and the walled garden has begun to crumble. Cloak and Dagger showed that an app could abuse legitimately granted permissions to attack users, and it is not an isolated case: cracks have been appearing for some time. The iOS malware YiSpecter, discovered in 2015, had been infecting devices in Taiwan and China for over 10 months before it was found.
How Malicious Apps Corrupted the Trusted Ones
• Hijacking a Brand
Getting a malicious app past the walled garden is only part of the attacker's job; victims still have to download it. Criminals therefore package the payload as a generic mobile game or fitness app, and to reach as many victims as possible they hijack a well-known brand. Pokémon Go is again a good example: several apps claiming to offer guides for the game were found to harbor malware.
• Republishing a Fully Functional App
Criminals also republish popular apps as trojanized versions. Although this method is more time-consuming, it is more dangerous than brand hijacking. Here the attacker reverse engineers the app's binary. Mobile apps are especially exposed because they leave the developer's control the moment they are published: an attacker can run a copy in an emulator or on a rooted device and probe it with debuggers and instrumentation until its protections give way.
Research by Arxan found that most apps lack binary protection, including most of the top financial mobile apps. Once a criminal has the binary, he can change how it works: strip out security checks and restrictions, then add malware that targets the device or other installed apps.
At this point the attacker can build a clone that hides the malicious code and republish it, and if that code is as stealthy as Cloak and Dagger it can pass review and appear on an authorized app store. Republishing also happens on desktop platforms: in May, HandBrake, an open-source video app, had a trojanized copy distributed through one of its download mirrors, and the Mac developer Panic had the source code of several of its apps stolen as a result of the same incident.
Developers can only take control of app security by recognizing that malicious app authors are targeting their work, and by accepting that they can no longer rely entirely on walled-garden app stores to protect their users. They have to go a step further and protect their own code.
A good mobile app agency would suggest shipping the binary with code obfuscation combined with debugger detection. Obfuscation turns the code an attacker recovers from the binary into a jumble that is hard to follow, making it harder to locate encryption keys and other data needed to rebuild the app. It raises the cost of reverse engineering rather than preventing it, so it is a layer, not a cure.
Debugger detection, meanwhile, notices when the app is running under a debugger or in an emulator rather than on a real device. If the app also verifies a checksum of its own code, it can refuse to run when the binary has been modified and report the suspected tampering to the developer. These checks live in the same binary the attacker controls, so they must be obfuscated as well, or they will simply be patched out.
Taking responsibility for the security of their apps is the surest way developers can offer users protection. It will not stop attackers from building harmful apps that try to work around the stores' checks, but it makes a successful attack considerably harder.
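As an added example (not code from the article or from any agency it refers to), the following C shows the three measures just described as they might appear in an Android/Linux native library: string constants stored XOR-encoded and decoded only at runtime, debugger detection by reading the TracerPid field of /proc/self/status, and an integrity checksum (FNV-1a here) over a code or data region. The key byte, the sample status text and the checked buffer are all constructed for the demo; in a real build the expected checksum would be computed over the final binary and patched in after linking.

```c
/* Added example: runtime self-protection checks for a native mobile library.
 * Illustrative only; the key byte, sample inputs and checked region are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 1. String obfuscation: secrets are kept XOR-encoded in the binary so that
 *    `strings` does not reveal them, and are decoded only when needed. */
static const uint8_t OBF_KEY = 0x5A;  /* constructed key for the demo */

/* Decode an XOR-encoded byte string into a caller-provided buffer (len + 1 bytes). */
static void deobfuscate(const uint8_t *enc, size_t len, char *out) {
    for (size_t i = 0; i < len; i++)
        out[i] = (char)(enc[i] ^ OBF_KEY);
    out[len] = '\0';
}

/* 2. Debugger detection: on Linux/Android the kernel reports an attached
 *    tracer as "TracerPid:\tN" in /proc/self/status; N != 0 means ptrace. */
static int tracer_pid_from_status(const char *status_text) {
    const char *p = strstr(status_text, "TracerPid:");
    if (!p)
        return -1;  /* field missing: unknown, caller decides how to treat it */
    return (int)strtol(p + strlen("TracerPid:"), NULL, 10);  /* strtol skips the tab */
}

static int is_being_debugged(void) {
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return 0;  /* not a procfs system; nothing to check here */
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return tracer_pid_from_status(buf) > 0;
}

/* 3. Integrity checksum: FNV-1a over a region of code or data. */
static uint32_t fnv1a(const uint8_t *data, size_t len) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) {
        h ^= data[i];
        h *= 16777619u;
    }
    return h;
}

/* Returns 1 when the region still matches the value baked in at build time. */
static int integrity_ok(const uint8_t *region, size_t len, uint32_t expected) {
    return fnv1a(region, len) == expected;
}

int main(void) {
    static const uint8_t enc_secret[] = {0x29, 0x3F, 0x39, 0x28, 0x3F, 0x2E}; /* "secret" ^ 0x5A */
    char secret[sizeof enc_secret + 1];
    deobfuscate(enc_secret, sizeof enc_secret, secret);

    /* Constructed stand-in for a .text section; a real build patches `expected`
     * into the binary after linking instead of computing it here. */
    static const uint8_t region[] = "protected-logic";
    uint32_t expected = fnv1a(region, sizeof region - 1);

    uint8_t tampered[sizeof region];
    memcpy(tampered, region, sizeof region);
    tampered[3] ^= 0x01;  /* simulate an attacker patching one byte */

    printf("debugger attached: %s\n", is_being_debugged() ? "yes" : "no");
    printf("original region ok: %d\n", integrity_ok(region, sizeof region - 1, expected));
    printf("tampered region ok: %d\n", integrity_ok(tampered, sizeof region - 1, expected));

    if (is_being_debugged() || !integrity_ok(region, sizeof region - 1, expected)) {
        fprintf(stderr, "tamper check failed; refusing to start\n");
        return 1;
    }
    printf("checks passed, decoded secret: %s\n", secret);
    return 0;
}
```

Each check is cheap to bypass on its own (a debugger can zero TracerPid in the read buffer, and a patched binary can simply skip the comparison), which is why the article pairs them with obfuscation: the point is to make every bypass cost the attacker analysis time rather than to make tampering impossible.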