Some good and bad news in the latest mobile threat report.
Cryptomining is rising; feral applications are down but still represent a significant portion of blacklisted apps; and overall, apps increased but the blacklist diminished, according to RiskIQ's latest mobile threat report.
The Mobile Threat Landscape Q1 2018 Report from the San Francisco-based digital-threat-management solutions provider RiskIQ analyzed 120 mobile app stores and more than two billion daily scanned resources. The findings showed that taking advantage of the popularity and volatility of the cryptocurrency landscape is paying off for threat actors via the mobile attack vector and that malicious apps leveraged by nation-state actors are becoming more prominent.
In March, an app called Calendar 2, which appeared in the Apple App Store, began mining Monero digital currency on user devices. Although the app disclosed this activity and offered the option for users to pay fees instead — or use the app with all advanced features disabled — the app developers set mining as the default option, which meant users would have to opt-out rather than opt-in. The app described mining as free for the user, which was deceptive because of the significant energy and computing costs associated with mining activity. Ultimately, bugs that caused the app to continue mining, despite users opting out, and use excessive CPU usage caused the developer to pull the app from the store after a short period.
Also, in the first quarter RiskIQ issued an alert, warning of blacklisted apps masquerading as, or associating themselves with Bitcoin exchanges, Bitcoin wallets, or just cryptocurrency in general. These are indicative of the rise of digital currencies and their attractiveness as an income stream for both crooks and legitimate businesses.
The report also showed that malicious mobile apps continued to decline, despite the number of total apps observed by the company.
The last four quarters have increased by hundreds of thousands. In the first quarter, 21,948, or 1.4%, of the total of 1,508,825 newly observed apps made it on the blacklist, which is a lower percentage than in the previous four quarters. The numbers of blacklisted feral apps declined for the fourth-straight quarter, from 3,507 in the last quarter of 2017 to 1,981 in the first quarter of 2018, but 46% were on the blacklist for that period.
Meanwhile, Google hosted 8,287 blacklisted apps in the first quarter, which is consistent with previous quarters and outpaces the next most blacklisted store, AndroidAPKDescargar, by 4,595. Although the Play Store consistently had high numbers of blacklisted apps between the third quarter 2017 and the first quarter 2018, its rate of blacklisted apps has hovered around a relatively modest 5%.
The report found that many blacklisted apps shared several of the same permissions. Eighty-six percent of apps blacklisted in this years' first quarter claimed the READ_SMS permission, which allows the app to read messages and deploy any number of nefarious exploits, including circumventing two-factor authentication. Most of the apps that can read messages can also track location, read and write to the call log, generate alert windows, change settings and other dubious requests. Among apps blacklisted in the Google Play Store, 1,207 access the phone's camera, nearly 800 of which also record location data and about 600 record audio from the phone.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Roy Urrico
Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).
