KSA tops privacy exposure risks from phone apps

Saudi Arabia, which is the largest market for mobile phone’s Android applications, is also the top country at risk for its users to lose their privacy, according to a recent study.
Any game downloaded by Saudi users is an invitation for hackers to swarm Android app platforms with malicious ones.
The study conducted by Trend Micro, the online security solutions firm, said malicious apps that belong to the FAKEINST and OPFAKE families are known for imitating popular apps to attract users.
Phishing attacks have also emerged as a major threat to mobile phone users.
The majority of the mobile sites spoofed were banking sites.
“Various financial service related sites were most spoofed in the first quarter, showing that phishers, whether on computers or on mobile devices, will always go for where the money is,” the report cited.
The firm said an Android malware variant that could send and receive commands from those who launch the applications on computers and phones was found on about a million phones.
“The malware can update its script to evade anti-malware detection. Using this tool, malicious users are able to control infected devices,” the report said.
Hackers target gamers by spreading fake versions of popular games.
“We spotted fake versions of Temple Run 2 and spoofed apps that offer cheats for the game Candy Crush Saga. These apps aggressively pushed ads and gathered personal information from infected mobile devices,” it said.
Multiple zero-day exploits were found targeting popular applications like Java and Adobe Flash Player, Acrobat Reader. In addition, as predicted, Trend Micro saw improvements in already-known threats like spam botnets, banking Trojans and readily available exploit kits.
On the mobile phone front, fake versions of popular apps remain a problem though phishers found a new target in the form of mobile browsers.
“Fake apps remained a significant mobile threat. Malicious apps that belong to the FAKEINST and OPFAKE families are known for imitating popular apps to lure users into downloading them. Android users from Saudi Arabia are acutely exposed to the risk of privacy exposure.”
“This might have been due to the fact that almost all of the mobile users in the Kingdom take notice of mobile ads, which could have prompted dubious developers to create apps with aggressive advertising features,” said Ibrahim Mohammed, mobile phone applications expert, who told Arab News that most of users in Saudi Arabia are using applications belonging to FAKEINST and OPFAKE families.
Saudi Arabia is the most targeted country for cyber attacks in the Middle East, according to Symantec’s Internet Security Threat Report 2013.
The kingdom ranks second globally for spam attacks, with targeted attacks surged 42 percent last year across the world.
The region’s sophisticated Internet infrastructure, high Internet and mobile penetration, and the growing economy make it an attractive target for cyber criminals keen to make easy money without too much hassle.
Cyber espionage designed to steal intellectual property is also on the rise, with small to medium sized enterprises (SME) most vulnerable because of smaller amounts spent on Internet security, according to the report.
Criminals are becoming more sophisticated and governments and businesses in the Middle East are particularly vulnerable.
Last year Symantec discovered 1.6 new malicious software (malware) variants every day, one in 532 websites were infected with malware and the company blocked 250,000 web attacks each day, of which about 65 percent were handled automatically.
The “watering hole” strategy, by which hackers wait for their targets to come to a website they have infected, is becoming more sophisticated. Once a user visits the website, the virus is unleashed and from there, they can gain access to all the information they need. Even legitimate websites can be hacked in this way.
Most recently, Saudi Arabia announced that some of government websites including ministry of interior web site was attacked from abroad.