Malicious mobile apps doubled in last 12 months

By Amy Sarcevic
Thursday, 04 June, 2020

Malicious mobile apps doubled in last 12 months

Cybercrime targeting mobile users is on the rise during COVID-19 with the number of malicious mobile applications doubling to more than 29,000 in the first quarter of this year, according to data from Upstream.

The company’s anti-fraud platform — which covers 31 mobile operators across 20 countries — also detected a 55% spike in fraudulent mobile transactions and an increase in malware-infected mobile devices.

Concerningly, nine of the top 10 malicious apps identified this year were available on Google Play, meaning they had passed security checks. In 2019, 30% of them had made their way onto the platform.

Most of these apps (six out of 10) were leisure-orientated — with categories such as “video players & editors”, “news & magazines”, “games” and “social” among the most popular targets.

Geoffrey Cleaves, Head of Secure-D at Upstream, said the data clearly indicates the desire of threat actors to exploit the behavioural trends of mobile users, during COVID-19 lockdown.

“With the majority of the world having shifted indoors, there were some darker forces acting to make a profit from the lockdown situation. At Secure-D, we’ve seen a sharp increase in bad actors publishing ‘leisure’ apps on the Google Play Store which trick users into subscribing for premium services,” he said.

Exactly how much the COVID-19 pandemic will continue to shape 2020’s figures remains to be seen; however, the impact is likely to be significant, Cleaves added.

“Being in lockdown means prepaid customers will find it difficult to get out the front door to top up their data bundles,” he said.

“In the meantime, malware could be eating into those data bundles. I suspect we may see a drop in mobile internet traffic, and successful billing attempts, in predominantly prepaid developing markets while lockdowns are in force.”

The most troublesome app so far this year has been Snaptube, a video downloader app downloaded more than 40 million times worldwide.

In 2019, Upstream’s Secure-D platform logged 70 million fraudulent transactions through the app — blocking 32 million of them. The app is still available through many third-party app stores.

Image credit: ©

Related News

SMEs don't understand security risks, ACSC survey finds

Cyber incidents cost Australian SMEs $29 billion each year, yet nearly half of them do not invest...

Less than 10% of APAC orgs have a CISO

Research commissioned by LogMeIn found that many Asia–Pacific organisations are struggling...

Consumer Data Right for banking sector arrives

The reform introduces significant changes to information sharing practices within financial...

  • All content Copyright © 2020 Westwick-Farrow Pty Ltd