The next time you think of downloading a free application on your smartphone, be careful. According to a recent report cybercriminals are using app permissions to commit fraud and install malware.
The report 'Mobile Security: McAfee Consumer Trends Report – June 2013' by McAfee revealed that cybercriminals are abusing app permissions to commit fraud and install malware. The report also shows that games are the most common form of malware-infected app.
McAfee Labs found that under the camouflage of "free" apps, criminals are able to get consumers to agree to invasive permissions that allow scammers to deploy malware. The permissions in free apps, funded by adware, leak personal information which add networks use to serve targeted ads; however, McAfee found that 26% of apps are likely more than just adware. SMS scams and rooting exploits were among the most popular types of threats seen across a variety of apps.
"Most consumers don’t understand or even worry about the app permissions they agree to. Because of that, cybercriminals are increasingly abusing app permissions as an efficient way to deliver mobile malware. Through these agreements mobile consumers are willingly putting their personal information into the hands of criminals disguised as ad networks, and opening up endless doors for scammers," said Luis Blando, vice president of mobile product development at McAfee.
The report analyzed FakeRun, a malware that tricks users in the United States, India, and 64 other countries into giving an app a five-star rating on Google Play. Once an app developer has been rated highly, other apps they publish will be trusted, which creates more opportunities for a criminal to publish and distribute malware-carrying apps.
The report also identifies the most popular apps that carry malware. Of the top 20 downloads of malware-infected apps, games won the popularity contest, followed by personalization and a tie between tools, music, lifestyle (a cover category for adult content) and TV.