Mobile malware has come a long way in recent years. The latest case was exposed this week when the popular game “Balloon Pop 2”, played and enjoyed by thousands of Android users, was found to contain malicious code that enabled eavesdropping on WhatsApp conversations. Google has taken the game off its Play Store app market.
Anyone who used the infected game compromised their security, especially their WhatsApp conversations. Their chats were automatically intercepted and uploaded to a website named WhatsAppCopy. This underground portal then offered the stolen chats on demand.
The root of the problem is believed to be WhatsApp’s weak encryption policy. Despite having over 350 million active users worldwide, WhatsApp still leaves its users’ private conversations open to exploitation. Around 27 billion messages are sent via the IM client every day.
Cell phone users should take the following steps to keep their data secure and deny hackers unauthorized access to their devices and data:
1 – Inspect the permissions an application requests when you install it. This is probably the easiest and most effective way to avoid malware. For example, simple utility applications should not require access to WhatsApp or other sensitive apps. Ignoring the permission requests can prove to be very costly.
2 – Never leave your phone in public places and always use a screen-lock widget. These security steps are very important as they deny strangers physical access to your mobile device. You can stay out of harm’s way if you don’t let others install spyware and unauthorized software on your device.
3 – Android users should have strong passwords and make sure to change them every few months. This is because all Android software, including emails, applications and cloud services, uses the same Google username and password. It’s also recommended to enable the Two-Step Authentication security feature.
“Kids like to play with their parents’ cell phones,” says Ronen Moss, CEO of ESET Technologies. “They love to download games and this opens the door to malware. Parents should keep their devices out of their children’s reach.”
The Balloon Pop 2 game is still available on the “black market”. Android users can download it in .APK format from third-party vendors and underground gaming websites. This, of course, is a huge security risk. All Android users are advised to uninstall this dangerous software altogether and use only authorized apps from the Play Store.