As our reliance on mobile apps grows, so does the risk of them being a vessel for cyberthreats. Among these threats, repackaging attacks on mobile apps have become a rampant, dangerous method employed by cybercriminals.

Repackaged apps are a hidden menace

Repackaging attacks involve threat actors downloading legitimate apps from official app stores and reverse-engineering them. During this process, they introduce malicious code into the app’s code, effectively turning it into a “repackaged” version.

Once the app is repackaged, the attackers re-upload it to either well-known or little-known app stores, often promoting it as an enhanced or alternate version of the original app. This deceptive tactic increases the appeal of the repackaged app among potential victims, leading them to unknowingly download and install it.

Research organizations, such as OWASP, have recognized the widespread prevalence of malware affecting smartphones, with Android OS being a prime target for attackers. Studies have revealed that most Android malware hides within repackaged apps to infiltrate user devices. These repackaged apps are typically infected versions of popular and trusted apps.

The process of creating a repackaged app involves downloading a popular Android app and extracting its code through reverse engineering. The attackers then add their own code, which is often malicious, before recompiling and releasing the app under the disguise of an authentic one. 

This poses a significant threat to unsuspecting users who inadvertently download these repackaged apps, exposing their devices to various risks, including premium service abuse, data theft, and even the deactivation of anti-malware measures.
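Because the process described above adds code and rebuilds the package, a repackaged app differs from the publisher's release of the same version. The following added example (not from the original article) shows a review-side check that diffs a candidate APK against a reference copy; the entry names and byte strings are constructed placeholders, and `compare_to_reference` is a hypothetical helper name.

```python
import hashlib
import io
import zipfile

# v1 (JAR) signature files live under META-INF/. APK Signature Scheme v2+
# keeps its data outside the ZIP entries, so this flag only covers v1.
SIGNATURE_PREFIX = "META-INF/"

def entry_digests(apk_bytes):
    """Map each archive entry name to the SHA-256 of its uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        return {n: hashlib.sha256(apk.read(n)).hexdigest() for n in apk.namelist()}

def compare_to_reference(reference_apk, candidate_apk):
    """Diff a candidate APK against the publisher's release of the same version."""
    ref, cand = entry_digests(reference_apk), entry_digests(candidate_apk)
    report = {"added": [], "removed": [], "modified": [], "resigned": False}
    for name in sorted(set(ref) | set(cand)):
        if ref.get(name) == cand.get(name):
            continue  # identical entry, nothing to report
        if name.startswith(SIGNATURE_PREFIX):
            report["resigned"] = True
        if name not in ref:
            report["added"].append(name)
        elif name not in cand:
            report["removed"].append(name)
        else:
            report["modified"].append(name)
    report["repackaged"] = any(report[k] for k in ("added", "removed", "modified"))
    return report

def build_sample(entries):
    """Build a constructed in-memory archive standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed sample data: placeholder bytes, not real app content.
OFFICIAL = build_sample({"AndroidManifest.xml": b"manifest-v1",
                         "classes.dex": b"original-bytecode",
                         "META-INF/CERT.RSA": b"publisher-signature"})
SUSPECT = build_sample({"AndroidManifest.xml": b"manifest-v1",
                        "classes.dex": b"original-bytecode+extra",
                        "classes2.dex": b"added-bytecode",
                        "META-INF/CERT.RSA": b"other-signature"})

if __name__ == "__main__":
    print(compare_to_reference(OFFICIAL, SUSPECT))
```

The comparison is only meaningful against the same version of the app, since a legitimate update also changes `classes.dex`.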

How repackaged apps deceive users

The danger of repackaging attacks is especially evident in financial services apps. 

One recent study of 384 financial services apps, including banking, crypto, trading, payment, and government services apps, found that more than 60% of them were vulnerable to application repackaging attacks. The consequences of such vulnerabilities are severe.

Cybercriminals can exploit these weaknesses to inject additional code into the apps, enabling them to perform unauthorized background tasks. One example is credential stuffing, where a user’s login information is stolen and used maliciously. The report also revealed that even the most downloaded financial services apps were susceptible to repackaging, with 50% of them being successfully modified and repackaged.

One of the most concerning aspects of repackaging attacks is the difficulty users face in identifying malicious apps. Cybercriminals meticulously design these repackaged apps to appear nearly identical to the original ones. Users may inadvertently download the fake versions without realizing they are counterfeit. 

Furthermore, the attackers behind repackaging attacks are adept at mimicking the functionality of legitimate apps, ensuring that the malicious apps run smoothly on users’ devices. This means users often remain unaware of the ongoing malicious activities happening within their smartphones, putting their personal data, device security, and even financial safety at risk.

AI voice fraud is a growing threat

And speaking of re-creating things that seem legit, the threat scene expands to include voice cloning as well. This form of fraud involves the use of artificial intelligence (AI) voice technology to create fake audio clips or voice commands that mimic a person’s original voice. 

The consequences of voice cloning in the banking sector are dire, as it opens up opportunities for identity theft, fraudulent phone calls, and phishing emails. 

A notable incident reported by The Wall Street Journal involved an AI-powered deepfake of a German CEO’s voice swindling a UK-based energy firm out of €220,000. The fraudster convincingly mimicked the CEO’s accent in phone calls, leading the victim to transfer funds to a fraudulent account.

Guard against app repackaging and voice cloning

The threat of repackaging attacks on mobile apps and voice cloning requires preventive measures from both app developers and users. Developers must invest in advanced techniques and security measures to detect and avoid repackaged apps. 

Additionally, employing multi-factor authentication (MFA) and reliable voice-biometric systems can help protect users from voice cloning fraud. As users, staying vigilant and cautious while downloading apps is essential. Verifying the legitimacy of the app’s source and closely examining app permissions can help lessen the risks of repackaged apps. 

Moreover, disabling voice verification features that lack additional authentication can safeguard users from voice cloning attacks.

As the use of mobile applications continues to grow, it becomes vital for developers and users to be aware of these threats and act appropriately to protect against them. Otherwise, the crooks are potentially going to get a gift of their own.