Security Response

Valentine's Day app downloads provide perfect opportunity for attacks

Attackers can take advantage of February’s increased download rates for apps related to Valentine's Day and dating to spread malware.
Created: 12 Feb 2016 20:39:38 GMT • Updated: 12 Feb 2016 20:51:18 GMT
Cynthia Chen


Each February, Symantec sees a spike in both the availability and downloads of apps related to Valentine's Day and dating. The following chart is indicative of how many applications of these types were downloaded (yellow line, left scale) and how many distinct apps were downloaded (gray line, right scale).

Figure 1. Chart showing the volume of Valentine’s and dating app downloads (yellow line, left scale) and distinct app downloads (gray line, right scale), by month

The large spikes in February 2014 and February 2015 coincide with increased activity around applications that offer Valentine's Day-themed wallpapers, horoscope compatibility tests, greeting cards for significant others, and love-related games. Also included in the chart data are downloads for dating apps, which are popular year-round, but see a significant rise in February. We found that these romance-related apps are four to five times more likely than other applications to be uninstalled within a month of installation.

This increase in impulsiveness and interaction with romance-related mobile applications offers attackers more opportunities to take advantage of users looking for love. For those who are using mobile apps to celebrate Valentine's Day or trying to find romance, there are a few things to watch out for.

Apps that send premium SMS texts
While you're trying to send special Valentine's Day-themed texts to your loved ones, some malicious applications may try to send their own text messages in the background. Threats such as Android.Fakebok can send premium SMS texts from the compromised device. These premium texts charge the user, so that the attackers earn money from this activity without the user's knowledge.

Figure 2. Unauthorized premium SMS texts sent by an application

Trojanized apps
If you're looking for a Valentine's Day-themed game or app to distract you while you wait for the big day, you might choose to download one, only to realize it wasn't quite what you were looking for. A classic trick used by mobile malware peddlers is to take existing popular apps, repackage them with malware, and then place them on unofficial and pirate app markets for unsuspecting users to download. Trojanized applications look like safe apps, but contain a nasty surprise. Apps like Android.Fakebok and Android.Bossefiv mimic legitimate applications, but are actually used by attackers to generate revenue by sending premium SMS texts.

Information theft
Many malicious applications also try to steal information from the compromised device. Some of these threats may steal SMS data, emails, photos, and contact information. Other threats, such as Android.Spywaller, may try to steal data from other apps on the compromised device. We detect a wide range of information-stealing apps as Android.Malapp. More sophisticated Android threats may also intercept two-factor authentication codes sent through text or even voice channels.
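
A defender-side check for the behaviors described in the sections above (background premium SMS, SMS and contact theft), added here as an example and not taken from the original article or from Symantec: it lists the permissions an app's decoded AndroidManifest.xml requests and flags those that the app's stated purpose does not explain. The sample manifest, its package name, and the grouping of permissions into risk categories are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permission names grouped by the behavior the article describes
# (the grouping itself is an assumption made for this example).
RISK_GROUPS = {
    "premium SMS sending": {"android.permission.SEND_SMS"},
    "SMS / 2FA code interception": {
        "android.permission.RECEIVE_SMS",
        "android.permission.READ_SMS",
    },
    "contact theft": {"android.permission.READ_CONTACTS"},
}

# Constructed sample: manifest of a hypothetical wallpaper app, already decoded to text XML.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.valentinewallpaper">
    <uses-permission android:name="android.permission.SET_WALLPAPER"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    # Use a hardened XML parser instead if the manifest may be hostile input.
    root = ET.fromstring(manifest_xml)
    perms = set()
    # uses-permission-sdk-23 is the API 23+ variant of the same declaration.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms


def audit(manifest_xml, expected=frozenset()):
    """Map each risk group to the requested permissions not covered by `expected`."""
    unexpected = requested_permissions(manifest_xml) - set(expected)
    findings = {g: sorted(unexpected & names) for g, names in RISK_GROUPS.items()}
    return {g: hits for g, hits in findings.items() if hits}


if __name__ == "__main__":
    for group, perms in audit(SAMPLE_MANIFEST).items():
        print(f"{group}: {', '.join(perms)}")
```

Pass the permissions an app of that category legitimately needs as `expected` (a messaging app would list the SMS permissions, for instance) so that only unexplained requests are reported.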

Grayware and leaky apps
While some apps may not set out to harm their users, they may unintentionally cause damage because of their insecure data practices. A significant number of popular apps don’t encrypt sensitive user information, and can allow phone numbers, contacts, and the user's location to end up on the internet. In a previous study, Symantec found that a large portion of apps were unintentionally leaky, and many lacked privacy policies or contacted outside domains. This makes it easier for your information to end up in places you don't want it.

With so many apps being made available for free nowadays, it is natural for app developers to want to increase their revenue by adding third-party ad libraries to their applications. These ad libraries have usually not been vetted properly and may display advertisements at a high rate. These aren't necessarily dangerous, but who wants to be bombarded by ads while trying to find the perfect dinner spot?

Practice safe text
The existence of these dodgy applications doesn't mean you can't have any fun on Valentine's Day. If you're looking for the right mobile app to send a greeting card or find a date, we recommend the following best practices:

  • Download apps from trusted sources: Make sure you download your applications from well-known and trusted sources. Malicious applications are much more prevalent on third-party markets and obscure websites, so staying away from them can reduce the risk of using an app that will ruin your night. Looking at the reviews, comments, and download counts can also help indicate if an app is safe or not.
  • Watch for strange device behavior: Malicious software can often betray its presence by making the device behave in unexpected ways. If your browser suddenly loads a page without a prompt, a new icon appears, audio and video play for no reason, or even if your battery drains more quickly, you may have downloaded an app you don't really want. By keeping an eye out for behaviors that are out of the ordinary, you may be able to catch a problem before it gets too bad.
  • Leverage the protection that already exists: Rooting a device could make it unable to use the protections that were put in place by the device's manufacturer. This can allow applications to have free rein to access data and present misleading or dangerous dialog boxes to the user.
  • Keep your software up to date: By keeping your software up to date, you can ensure that old vulnerabilities are fixed and cannot be used to gain unauthorized access to your device. Use automatic update if available.
  • Use Norton Mobile Security: Norton Mobile Security works beyond just finding and reporting malicious activities on a user's device. Our App Adviser provides valuable insight on problems with an app before they can be downloaded and installed. This lets users make safe decisions by keeping them informed while they are looking for the right app.