SAN FRANCISCO, March 22, 2018 -- Malicious mobile apps were on the decline in Q4 of 2017 largely due to a decrease in the inventory of AndroidAPKDescargar, the most prolific dealer of blacklisted apps, according to digital threat management leader RiskIQ in its Q4 mobile threat landscape report, which analyzed 120 mobile app stores and more than 2 billion daily scanned resources. Listing and analyzing the app stores hosting the most malicious mobile apps and the most prolific developers of potentially malicious apps, the report documents the return of familiar threats such as brand imitation, phishing, and malware—as well as the discovery of a bankbot network preying on cryptocurrency customers.
Feral Apps are Down
The Google Play store again led the way with the most blacklisted apps, but Q4’s analysis confirmed that feral apps—apps available for download outside of a store on the web—fell in popularity for the first time in several quarters, falling from the number two spot and giving way to three other stores:
- ‘AndroidAPKDescargar’ had 7,419 blacklisted apps, comprising 41 percent of the apps RiskIQ observed in their store
- ‘9game.com’ had 4,083 blacklisted apps, accounting for 86 percent of the total apps RiskIQ observed
- ‘9apps’ had 3,644 blacklisted apps, 15 percent of the total apps
‘KitApps’ Makes Another Appearance Indicating a Wider Trend
One consistent developer observed almost every quarter is ‘KitApps, Inc.’ It had 147 blacklisted apps in 2017, 96 percent of which were found in the AndroidAPKDescargar store. Of these blacklisted apps, 137 contain Trojans and 133 have adware—two categories of blacklisted apps that can be found en masse across the AndroidAPKDescargar store. This may indicate the store is being used as a hub for campaigns in which actors are repackaging apps with Trojans and adware.
Riding the Cryptocurrency Wave
In November, RiskIQ researchers found a mobile app that was trying to pass itself off as a cryptocurrency market price app. This app was found to be part of the bankbot family of mobile Trojans and would monitor the device that installed it for a list of target apps. If one of those target apps were launched while the Trojan was installed, the Trojan would put an overlay over the legitimate app and collect sensitive information, such as login credentials, from the banking customer.
Mobile Threat Actors are “Well-Connected”
In October, RiskIQ researchers took malware hashes associated with the Red Alert 2 Android Trojan and found samples containing data that was used to uncover infrastructure used by the malware. Pivoting off a host found in the APK, researchers discovered an IP address and registrant address, both of which led to further infrastructure. Two additional domains were found to be hosting more malicious apps claiming to be Adobe Flash Player updates, showing the breadth of infrastructure of mobile threat campaigns.
“Securing the mobile app ecosystem continues to be a challenge for app stores of all sizes, but efforts to improve version control, monitor for abuse, employ verification techniques, and offer security education can help,” said Mike Wyatt, director of Product Operations at RiskIQ. “Tracking the use of brand names and likeness is an equally daunting challenge for corporations. Brands should evaluate and implement solutions that constantly monitor their digital footprint online and in mobile app stores.”
For specific metrics or to learn more, download the RiskIQ Mobile Threat Landscape Q4 2017 Report at https://www.riskiq.com/research/2017-q4-mobile-threat-landscape-report/.
About RiskIQ
RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence. With more than 70 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social, and mobile exposures. Trusted by thousands of security analysts, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk, and take action to protect business, brand, and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners, and MassMutual Ventures. Visit RiskIQ.com or follow us on Twitter.
Try RiskIQ Community Edition for free by visiting https://www.riskiq.com/community/. To learn more about RiskIQ, visit https://www.riskiq.com.
Contact
Stephanie Karcher
Montner Tech PR
[email protected]
203-226-9290





