Yet another malware threat has been added to the millions the technology space witnesses year on year, with notorious ones such as Godless, Hummingbad, DroidJack and Gooligan appearing in 2016 alone. Malware is constantly evolving, and attackers are resorting to more aggressive means to breach the security layers in place. Gooligan has proved just how much danger looms in the cyber world: it has breached the security of more than one million Google accounts, and continues to attack over 13,000 new devices on a daily basis.
People, as always, have taken to social media, blogs and forums to put forth their thoughts and condemn the attack. However, everyone seems to be talking about Android vulnerabilities and Andrew Ludwig’s statement on Google Plus. Every tech expert has the same words of advice for mobile device users, advocating safe internet and mobile practices. And honestly, we hear the same thing every single time we face a malware attack.
Through this article, we want to take you away from the herd and shift your focus to a new and interesting perspective. The Android ecosystem has two other players apart from Google and the mobile users: the mobile application developers and the device makers. This article will talk about how developers are affected by such vulnerabilities and how they can help prevent malware attacks.
Gooligan’s code was first encountered by Check Point in the malicious SnapPea app. Before going further, let’s rewind a little and go back to the SnapPea malware attack that was executed in 2015. The campaign consisted of a set of malicious applications that were automatically installed on Android devices after they were physically connected to PCs infected with a version of the back-up application called SnapPea. SnapPea is a free application that allows you to manage files and content on your Android device. The application is a utility and was never meant to be a Trojan or malware. However, hackers thrive on such applications, injecting their malicious code into them and subsequently reaching millions of user devices.
A harmless application thus becomes the source for an attack that will go on to compromise the security of enterprises and individuals, and might rob them of their credentials and revenue.
With over 5.5 million applications in the top app distribution platforms and over 8.5 million active app developers adding thousands to these platforms every month, hackers worldwide have a plethora of options to pick from. Inadvertently, the developer community has been left on its own to secure its precious bits of code.
Vulnerabilities or bugs in a mobile application’s code or design are often exploited by malware. Attackers can easily get a copy of an application, reverse engineer it, and then exploit it further. Unsuspecting users are lured by the ‘cheaper’ or ‘free’ versions of popular apps in third-party app stores and install them. What they don’t know is that these apps have been repackaged with malicious code inserted inside them, which subsequently compromises their devices.
To nip the attack in the bud, developers have to harden their applications against reverse engineering, tampering or duplication. Giuseppe Porcelli, the founder of Quixxi and a passionate techie, claims that safeguarding a developer’s code has been a daunting challenge for a very long time; he insists that hackers will get away with their malware attacks as long as unprotected applications remain in the marketplace. The challenge is to find a tool that can effectively detect and prevent all kinds of security vulnerabilities. Quixxi is that one-stop solution that will be the panacea for a mobile app developer’s security requirements.
Let’s have a quick look at how Quixxi could have helped avert a malware campaign such as Gooligan.
Quixxi’s security framework protects any app using state-of-the-art encryption, thereby making it virtually impossible to hack into the source code/IP of any Android app.
Quixxi provides anti-tampering solutions such as:
- Multi-layered protection for resource files and class files
- Checksum/integrity verification
- Encryption of strings
- Hiding of method calls and field names in class files
- Loading the logic at runtime from low-layer libraries
This directly helps in dealing with issues such as loss of advertisement revenue, pirated use of Android apps outside of the Play Store, and reverse engineering and repackaging of Android apps by hackers.
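To make the checksum/integrity verification item concrete, here is an added example (not Quixxi's code or method) that compares the per-entry SHA-256 digests of an APK, which is a ZIP archive, against a baseline taken from the developer's release build in order to flag a repackaged copy. The archives, file names and contents are constructed in memory for illustration.

```python
import hashlib
import io
import zipfile

def build_archive(entries):
    """Build an in-memory ZIP (the APK container format) from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def entry_digests(apk_bytes):
    """Return {entry name: SHA-256 hex digest of the uncompressed content}."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}

def compare_to_baseline(baseline, candidate_bytes, ignore_prefixes=("META-INF/",)):
    # META-INF/ is skipped because re-signing always rewrites it; the signer
    # certificate has to be checked separately from content digests.
    def keep(name):
        return not name.startswith(ignore_prefixes)
    found = {n: d for n, d in entry_digests(candidate_bytes).items() if keep(n)}
    trusted = {n: d for n, d in baseline.items() if keep(n)}
    return {
        "modified": sorted(n for n in trusted if n in found and found[n] != trusted[n]),
        "added": sorted(n for n in found if n not in trusted),
        "removed": sorted(n for n in trusted if n not in found),
    }

def is_tampered(report):
    return any(report.values())

# Constructed sample data: a release build and a repackaged copy of it.
FILES = {
    "AndroidManifest.xml": b"<manifest package='com.example.app'/>",
    "classes.dex": b"dex\n035\x00 original bytecode",
    "META-INF/CERT.SF": b"developer signature",
}
RELEASE = build_archive(FILES)
REPACKAGED = build_archive({**FILES,
    "classes.dex": b"dex\n035\x00 original bytecode + inserted code",
    "assets/extra.bin": b"file that is not in the release build",
    "META-INF/CERT.SF": b"third-party signature",
})
BASELINE = entry_digests(RELEASE)
```

A check like this is only as trustworthy as the baseline and the place it runs: a digest list shipped inside the same package can be rewritten along with the code it describes.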
For the past 6 years, the Quixxi team has been striving to fight cybercrime and data theft through the eyes of a developer. Having an impermeable security wrap such as Quixxi around an application makes it impossible for hackers to infect the original apps or replicate them into third-party marketplaces or portals. In an ideal world, with all mobile applications wrapped in such a security framework, we can block access to the very source that a hacker requires to initiate an attack.
A cyber-secure environment for the developers can lead to a cyber-secure world for the end-users. That’s the quintessential dream Quixxi is working towards.