Magecart set up custom, targeted infrastructure to blend in with the British Airways website specifically and avoid detection for as long as possible. While we can never know how much reach the attackers had on the British Airways servers, the fact that they were able to modify a resource for the site tells us the access was substantial.
More recently the company released its 2019 Threat Landscape Report.
Key mobile threats include:
- Adware Agony – TechCrunch reported that millions of Android users were tricked into downloading 85 adware apps from the Google Play store. Researchers said these apps included popular utilities and games. They served deceptively displayed ads, including full-screen ads, hidden ads, and ads running in the background, enabling them to monetize off of unsuspecting Android users.
- Targeting Taxes – In the 2019 tax season, attackers are capitalized by using the brand names of leading accounting firms and tax filing software to exploit users filing their taxes by creating fake mobile apps and landing pages. RiskIQ returned 4,162,450 total mobile apps matching these branded terms in app stores around the world, and 30% of these apps, 1,221,070, were blacklisted.
- Enter Fleeceware – As RiskIQ’s Evil Internet Minute found that mobile app is blacklisted every three minutes, researchers discovered a new group of Android apps in the Google Play Store known as fleeceware, which severely overcharge users. These apps are available for free or at low-cost, and after a short trial period, begin charging the user hundreds of dollars unless they both uninstall the application and inform the developer they do not want to continue to use the app.
Black Friday Blacklist – To analyze the methods these cybercriminals would employ over Black Friday and Cyber Monday 2019 and where they’re targeting their malicious efforts, RiskIQ ran a keyword query of our unmatched Global Blacklist and mobile app database focusing on the top-10 most trafficked sites on Thanksgiving weekend. These brands had a combined total of 6,353 blacklisted apps that contain their branded terms in the title or description.
Other findings include:
- The mobile app landscape experienced 18% growth
- Despite this growth, blacklisted apps saw a 76% decline, making mobile safer
- The top-three most prolific app stores in 2019 were Chinese, ahead of both Google and Apple.
- Feral apps—apps on the open web outside of app stores—continue to be some of the most dangerous.
- China remains the largest app market, accounting for 40% of consumer app spending.
- The six most prolific app stores of blacklisted apps in 2019.
Users should be discerning and skeptical when downloading anything and have passive protection such as legitimate antivirus software along with regular backups. Although they cannot make up for preventative measures such as checking permissions, anti-malware products provide some protection from malicious code.
Luckily, some of these malicious lookalike apps are easy to spot. One potential giveaway is excessive permissions, where an app requests permissions that go beyond those required for its stated functionality. Another is a suspicious developer name, especially if it does not match the developer name associated with other apps from the same organization. User reviews and number of downloads, where present, also help to give some level of reassurance that the app is legitimate.
If you find you have installed an app that spams you with links or tries to force downloads—or it turns out to be a lookalike or disappears after installation or one use—having regular, recent backups lets you wipe the phone and restore it to a safe state.
The fastest-growing cybersecurity event!!!
Join others with $20B+ in IT buying power who plan 2020 budgets! Including 3,500+ resellers!
It is the must-attend MSSP event!
June 22-25, 2021, Miami, FL. Register now.