Published: June 15, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
If one day you find thousands of text messages (SMS) on your smartphone, there’s a good chance you may be a victim of creepware. By now, most of us know that many malware apps find homes on Google Play store. Despite Google scanning all apps for malware before they’re publicly released and despite their efforts, Android malware apps continue being downloaded from the Play store. In this case, Google removed over 800 creepware apps that were lurking on the store undetected. Considered a relative of spyware, creepware allows wannabe hackers to harass individuals who’ve downloaded the malware onto their mobile device.
Thanks to an academic study last year by New York University, CornellTech, and NortonLifeLock, they created an algorithm that found 813 creepware apps hiding on Google’s store. The study was part of an effort by the group to study “stalkerware,” also known as spyware. The study discovered creepware was running rampant on the app store. Google claims that by now, all traces of it have been removed.
According to the study, creepware enables “non-expert users to mount interpersonal attacks.” It doesn’t have the full features that stalkerware has, but it’s clearly enough to abuse individuals in lots of ways. Common creepware allows phone spoofing, SMS bombing, and access to hacking tutorials. Add to that a creepware menu of more harassment tactics including identity spoofs, denial-of-service attacks, controlling access to other apps, location tracking, and more. It’s easy to see how these tools can be used for harassment purposes.
The study also helped NortonLifeLock create a “CreepRank” rating for the intrusive apps. The algorithm identifies “creepware-like” behavior, which is then given a creep score, depending on the extent of creepiness the app contains. Creepware is so obnoxious that NortonLifeLock decided to add CreepRank to their Mobile Security software.
Remember to thoroughly research apps and software you download to your devices. If at work, make sure they are IT approved. This is especially important if your organization has a bring your own device policy in place. What infiltrates your personal devices may also creep into the company network. Always be aware of what you are using. And never forget to keep your antivirus products updated at all times!
Let’s face it, no one really wants to hear that creepware is out there. But remember, knowing about the cybercrime that’s brewing in cyberspace, however creepy it may be, also gives us the awareness to help stay safe from it.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org