Malware masquerading as POS app steals data
Researchers have uncovered a new piece of mobile malware masquerading as a point-of-sale (POS) management app.
The app targets a niche audience using the image and brand name of a legitimate and widely used payments terminal to gain access to sensitive data from retailers and their customers.
The Android APK for the app appears to have a valid certificate, making it difficult for end users to detect the malware.
While the app targets users in China and Mandarin-speaking regions, cybersecurity firm Proofpoint says malicious apps masquerading as benign are quite common worldwide.
In addition, Proofpoint says malicious apps and techniques for installing them can originate on Chinese-targeted app marketplaces before being exposed to a more global audience.
“Proofpoint has scanned over 45 million apps from 300 app stores and over 100 countries worldwide. Despite the best efforts of the mobile device platform vendors, we still see over 1 per cent of the world’s 1.3 million app developers releasing malicious apps,” Dave Jevans, Proofpoint’s vice president of mobile, said.
“Apps that pretend to be from legitimate payments providers, point-of-sale vendors, and banks continue to be published on the main app stores and on the hundreds of third party app stores for both Android and iOS.
“Information stealing apps threaten not only consumers but also enterprises, by compromising email addresses, passwords, address books, calendars and a variety of information that is used to target users in blended threat campaigns that may involve email or SMS targeting at a later date.”
To protect sensitive data from getting into the wrong hands, Proofpoint suggest users stick to sanctioned or corporate mobile app stores and remain vigilant to suspicious app behaviour.