This week, researchers revealed that a strain of malware hit at least 1.3 million Android phones, stealing user data as part of a scheme to boost ad revenue. Called “Gooligan,” it got into those devices the way so many of these large-scale Android attacks do: through an app. Specifically, an app that people downloaded outside the comfortable confines of the Google Play Store.
For criminals, the malicious Android app business is booming. It’s easy for a hacker to dress software up to look novel, benign, or like the dopplegänger of a mainstream product, and then plant it in third-party app stores for careless browsers to find.
Though staying in Play is the safest option for now, reputable third-party stores are possible, they’re just rare, because vetting apps to ensure security requires significant investment.
That’s true today more than ever. As desktop browsing declines and more people spend time on their mobile screens, apps are an increasingly appealing and lucrative target for hackers.
Submitted by: Arnfried Walbrecht