Preventing Hackers From Transforming Apps Into Trojans
Reverse engineering is a huge problem for mobile apps. Through a variety of techniques, unscrupulous developers (a.k.a. hackers) can pirate the creations of other developers, making minor changes that preserve the appearance of authenticity while masking a more nefarious purpose. These are not your everyday, run-of-the-mill ‘copycats’. They’re altered apps purporting to be the real thing, but often with malicious code hidden inside. At best, they provide an intentionally poor experience to damage the real app maker’s reputation. At worst, they act as a trojan that steals data which can be used in downstream attacks, or they cause other direct harm to the user. They can also harm other apps, as well as the networks to which the user is connected.
In March, for example, the mobile industry saw the emergence of the EventBot trojan, which has already morphed several times into other forms. One of the early variants is an Android-based trojan that looks and feels just like the Adobe Flash or Microsoft Word apps but is actually a mobile banking trojan whose true purpose is to find and steal unprotected data in banking, cryptocurrency and other financial apps on a mobile device. In fact, the trojan is sophisticated enough to intercept multifactor authentication (MFA) codes sent to a mobile device via SMS, so it can use them in an account takeover attack by posing as the legitimate user.