Perhaps the worst news about Pokemon Go is how attackers are using it to spread malware. This is not the first time bad-guy hackers have leveraged the popularity of games to spread malicious software. Viral memes spread malware, too, via drive-by attacks as people visit malicious sites that draw them by hosting or linking to the internet-based cultural sensation.
Users assume that games and meme sites have integrity. This makes it easy for the hackers to push compromising software onto consumers’ phones and computers and into your organization. Cyber thugs also use man-in-the-middle attacks on game apps to take control of mobile devices and launch attacks on the enterprise.
CSO shares the process attackers use to slip inside the enterprise through memes and games together with enterprise security policies and enforcements that help ensure the next viral internet craze doesn’t lead to malware playtime inside your organization.
Attackers enter games in a couple of ways. When they see users swiftly adopting a game such as Pokemon Go, they download a copy, decompile it, add malware, compile it, and publish it onto fake and third-party app sites for unsuspecting consumers to download and use. “When the user downloads the app, it installs a Trojan or other malware variant that gives attackers complete control of the device along with a mechanism for tracking and extracting personal information such as passwords and payment information,” explains Philip Casesa, Product Development and Portfolio Management, (ISC)2. Attackers can increase their dwell time on the device by allowing the game app to function normally despite the malware.
Attackers lure victims by making the cloned games available in parts of the world where the game’s vendors have not yet released the genuine item. “While the U.S. population was capturing Pokemon, the U.K. market still had no official release date. This resulted in more people attempting to bypass the relative safety of managed app stores to obtain the software, by jailbreaking their phones,” says Casesa.
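The repackaging Casesa describes (decompile, add code, recompile, republish) has one unavoidable side effect: the attacker cannot reproduce the publisher's signing key, so the rebuilt package is signed by a different certificate. The check below is an added example, not code from CSO, (ISC)2 or any game vendor. It opens an APK as a zip, pulls the signer certificates out of the JAR-style v1 signature block under META-INF/, and compares their SHA-256 fingerprints against the publisher's known fingerprint. The APK and certificates it runs on are constructed in the block for demonstration; the "certificates" are placeholder DER SEQUENCEs, not real X.509, and the sample package is not validly signed. Only the v1 signature block is parsed (an assumption; real verifiers also read the v2/v3 APK Signing Block).

```python
"""Flag a repackaged APK by comparing its signer certificate fingerprint
with the publisher's known-good fingerprint (added example, constructed data)."""
import hashlib
import io
import zipfile

SIGNED_DATA_OID = bytes.fromhex("2A864886F70D010702")  # 1.2.840.113549.1.7.2
DATA_OID = bytes.fromhex("2A864886F70D010701")         # 1.2.840.113549.1.7.1


def der_read(buf, pos):
    """Parse one DER TLV at buf[pos:]; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def der_children(value):
    """Yield (tag, inner value, raw TLV bytes) for each element of a constructed value."""
    pos = 0
    while pos < len(value):
        start = pos
        tag, inner, pos = der_read(value, pos)
        yield tag, inner, value[start:pos]


def der_encode(tag, value):
    """Minimal DER TLV encoder, used only to build the constructed sample."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + value


def signer_certificates(pkcs7_der):
    """Return the raw DER certificates carried in a PKCS#7 SignedData blob."""
    _, content_info, _ = der_read(pkcs7_der, 0)
    children = list(der_children(content_info))
    # children[0] is the signedData OID; children[1] is [0] EXPLICIT SignedData
    _, signed_data_tlv, _ = children[1]
    _, signed_data, _ = der_read(signed_data_tlv, 0)
    for tag, value, _ in der_children(signed_data):
        if tag == 0xA0:                     # [0] IMPLICIT SET OF Certificate
            return [raw for t, _, raw in der_children(value) if t == 0x30]
    return []


def apk_signer_fingerprints(apk_bytes):
    """SHA-256 fingerprints (uppercase hex) of every signer cert in the v1 signature block."""
    fingerprints = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            if name.startswith("META-INF/") and name.upper().endswith((".RSA", ".DSA", ".EC")):
                for cert in signer_certificates(z.read(name)):
                    fingerprints.add(hashlib.sha256(cert).hexdigest().upper())
    return fingerprints


def is_genuine(apk_bytes, expected_fingerprint):
    """True only if the APK is signed and every signer matches the publisher's fingerprint."""
    expected = expected_fingerprint.replace(":", "").upper()   # accept keytool-style AA:BB:...
    found = apk_signer_fingerprints(apk_bytes)
    return bool(found) and all(fp == expected for fp in found)


def build_sample_apk(cert_der):
    """Constructed sample: a minimal zip with a v1 signature block carrying cert_der.
    The other SignedData fields are empty placeholders; this is NOT a validly signed APK."""
    signed_data = der_encode(0x30,
        der_encode(0x02, b"\x01")                               # version
        + der_encode(0x31, b"")                                 # digestAlgorithms (empty)
        + der_encode(0x30, der_encode(0x06, DATA_OID))          # encapContentInfo
        + der_encode(0xA0, cert_der)                            # [0] certificates
        + der_encode(0x31, b""))                                # signerInfos (empty)
    pkcs7 = der_encode(0x30, der_encode(0x06, SIGNED_DATA_OID) + der_encode(0xA0, signed_data))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<constructed placeholder manifest>")
        z.writestr("META-INF/CERT.SF", b"Signature-Version: 1.0\n")
        z.writestr("META-INF/CERT.RSA", pkcs7)
    return buf.getvalue()


# Constructed placeholder "certificates": a DER SEQUENCE wrapping a label, not real X.509.
OFFICIAL_CERT = der_encode(0x30, der_encode(0x04, b"constructed official publisher cert"))
REPACKAGED_CERT = der_encode(0x30, der_encode(0x04, b"constructed repackager cert"))
OFFICIAL_FINGERPRINT = hashlib.sha256(OFFICIAL_CERT).hexdigest().upper()


def demo():
    """Return (genuine build verdict, repackaged build verdict) against the official fingerprint."""
    genuine = build_sample_apk(OFFICIAL_CERT)
    repackaged = build_sample_apk(REPACKAGED_CERT)
    return is_genuine(genuine, OFFICIAL_FINGERPRINT), is_genuine(repackaged, OFFICIAL_FINGERPRINT)


if __name__ == "__main__":
    print(demo())
```

The same fingerprint is what `apksigner verify --print-certs` reports for a real package, so the publisher's value can be recorded once from the official store build and then used in an MDM or app-vetting pipeline to reject every sideloaded copy whose signer differs, whatever the package name or version string claims.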
These hackers also infiltrate game apps that are already in use. According to Bob Palmer, a vice president with SAP NS2, attackers gain access on a communications protocol level using a man-in-the-middle attack that intercepts the handshake between the game app on the device and the game vendor’s server.
In either case, attackers can then manipulate the privileges the user granted to the app to extract usage data and personal information including passwords in order to control the device’s behavior and make it do things it would not normally do, according to Palmer. “They can get the smartphone to send an email with a malware payload into the corporate network hoping someone will open it.”