A new study finds the dangers of malicious mobile apps hiding in plain sight.
Malicious mobile apps declined in 2017's fourth quarter, largely due to a decrease in a prolific blacklisted-app dealer's inventory, but many apps still contained threats including brand imitation, phishing, and malware, plus a new bankbot.
These are some revelations from RiskIQ in its fourth quarter 2017 Mobile Threat Landscape Report. The San Francisco-based digital-threat-management solutions provider applied its crawling platform to monitor more than 120 mobile app stores around the world while leveraging daily scans of nearly 2 billion resources to look for mobile apps in the wild.
"Securing the mobile app ecosystem continues to be a challenge for app stores of all sizes, but efforts to improve version control, monitor for abuse, employ verification techniques, and offer security education can help," Mike Wyatt, director of Product Operations at RiskIQ, said. "Tracking the use of brand names and likeness is an equally daunting challenge for corporations. Brands should evaluate and implement solutions that constantly monitor their digital footprint online and in mobile app stores."
The 2017 fourth quarter threat analysis showed a 37% decrease in blacklisted apps over the third quarter. Blacklisted apps observed overall dropped from the third quarter (60,904) to the fourth quarter (38,425) due for the most part to AndroidAPKDescargar's massive influx of blacklisted apps (20,907) in the third quarter.
One of the go-to methods for threat actors to snare victims is disguising the malicious apps as something they are not. In November, RiskIQ researchers found a mobile app, part of the bankbot family of mobile Trojans, trying to pass itself off as a cryptocurrency market price app. If such an app succeeded in launching with an installed Trojan, it would overlay the legitimate app and collect sensitive information, such as login credentials from the banking customer.
"We observe and categorize the threat landscape as a user would see it while visiting or attempting to download apps. Every app we encounter is downloaded, executed, analyzed, and stored," noted RiskIQ research analysts Forrest Gueterman and Jordan Herman, coauthors of the report.
The Google Play store led the way with the most blacklisted apps in the last quarter, with 9,375, six percent of the total apps in Google Play, a 2% increase from the previous quarter.
Feral apps, found outside of internet stores, fell from the number two spot for most blacklisted apps observed by RiskIQ for several quarters in a row. With 3,507 blacklisted apps (52% of the total) observed in Q4, they dropped to fourth behind AndroidAPKDescargar (7,419 blacklisted apps, comprising 41% of the apps RiskIQ observed in their store); 9game.com (4,083 blacklisted apps, 86%); and 9apps (3,644 blacklisted, 15%).
Included in the blacklisted apps are many that were flagged for adware, 14,758 in total; 11,656 of those also were flagged for malicious behaviors such as acting as a Trojan or spyware.
In all, RiskIQ flagged:
- 1,787 Google Play apps solely as adware, making up 19% of Google Play's blacklisted apps.
- 1,313 Google Play apps as adware and exhibiting Trojan behavior.
- One percent of blacklisted AndroidAPKDescargar apps as adware alone, with 99% flagged as adware and Trojans.
- Feral apps were 4% adware, 403 (17%) of AppChina blacklisted apps were solely adware, Brothersoft was made up of 12% adware, NearmeMobile was 5% adware, and Tencent was 10% adware.
"A store like Google Play may have the highest number of blacklisted apps, but because of their massive volume, it's clear that the store is generally safe, but bad apps slip by their controls from time to time," the RiskIQ researchers maintained. "9game's density of blacklisted apps is extraordinary for a store, especially one trying to be legitimate."
Just because an app is in an official store does not mean you can trust it. The RiskIQ research analysts recommended that, regardless of what store an app comes from, users check the permissions the app is asking for. If the permissions seem unnecessary or too numerous, scan the app through a service like VirusTotal.