Trusted app stores such as Google Play Store and Apple App Store normally house apps that are supposed to be safe and harmless to users. But a recent report from security firm Proofpoint claims otherwise.
The report found that Android and iOS users have downloaded and installed thousands of malicious apps from the large app stores that either steal their personal data or create backdoor access to their mobile device.
Proofpoint analyzed what it deems as legitimate app stores and found that more than 12,000 apps designed to steal data and provide backdoor to hackers have been downloaded at least two billion times, indicating that malicious mobile apps are increasingly becoming a major threat to mobile users, having evolved from their previous status as merely sideline threats.
The fact that the detected malicious mobile apps in Google Play Store and Apple App Store have been downloaded more than two billion times is cause for alarm, if only for their capability to steal information and create secret unauthorized access to mobile devices.
Read also: Hackers infiltrate Apple App Store
Quite surprisingly, devices made by Apple accounted for 40 percent of the gadgets that are running the malicious apps, despite the tech giant’s efforts to bolster its security posture. Typically, malicious apps are expected to infect only jailbroken iPhones and iPads. But in this case, the said malicious apps could also employ a variety of side-loading tactics in order to load themselves onto the devices or leverage any enterprise managing tools initiated by a user.
Proofpoint was able to detect the infected devices running those malicious apps through the company’s TAP mobile security software product. According to its investigation, the malicious apps originated from DarkSideLoader marketplaces, app stores that purport to contain legit apps that are in reality harmful.
Chances are, users are four times more likely to download malicious apps from rogue app stores than when they do from reliable mobile app marketplaces. But still it does not mean a minimal risk when you happen to download a malicious app from trusted sources such as Google Play Store and Apple App Store.
Luckily for those who have upgraded to Android 6.0 Marshmallow, which has been rolled out only to a selected group of Android users, those malicious apps have no place in your device. But the users of Android 4.4. KitKat have to be cautious when downloading and installing an app from unreliable sources.
According to statistics, KitKat is still in use among 36 percent of Android devices, suggesting higher risks for a great number of Android fans.