10 Apr 2017
We often talk about hackers who breach networks and completely shut them down or steal personal information, but if every hack were that damaging, most people would have sworn off technology by now. Even though every week we hear about another company that’s had a breach that will cost them millions, there are thousands of smaller hacks all over the world that don’t make headlines because they either go unnoticed or don’t grab anyone’s attention. So why should you know about them? Because most people believe that unless ransomware has shut down their network or their identity is stolen, hacking doesn’t affect them.
The truth is that those harmful hacks like ransomware and identity theft begin with small breaches due to simple laziness.
Take Instagram phishing apps, for example. Just last week, 13 fraudulent apps were discovered and removed from all Android platforms. The apps promised to increase the number of followers and likes for people who downloaded them. Once the apps were downloaded, though, the user was asked to enter their Instagram credentials. Ironically, once the credentials were entered, the hackers behind the app actually used the breached accounts to increase followers and likes for other accounts. The creators were so successful at baiting users and disguising the apps that they were downloaded over 1.5 million times. Just this week, Google announced that they’d discovered and destroyed an Android malware family called Chamois. Chamois’ purpose was to be downloaded as an app and then display fraudulent pop-up ads. It was particularly nasty because the apps it affected would not show up in the list of active apps on the device, so they couldn’t be easily deleted, and Chamois also downloaded other apps and plugins like it to increase the number of ads the user would see. While the numbers on how many devices Chamois infected and how much it earned its creators are unknown, a similar form of malware called Hummingbad infected 10 million devices and earned $300,000 a month through fraudulent advertising.
The thing that frustrates companies like Google and Apple is that they’ve created software that can scan their app stores and flag fraudulent apps, but people still go to third-party stores that cannot be verified to find and download apps. While the consequences don’t sound as dramatic as the hacks you hear about in the news, they can be just as damaging. Malware like Chamois and the Instagram phishing apps are cracks in your security that will eventually lead to a catastrophic failure. For example, say you accidentally gave your Instagram credentials out. In the short run, the only problems you might see are annoying ads and random accounts, but unless you take the time to create strong passwords, the hackers could use your Instagram password to guess the passwords to more important online services like email or online banking. Don’t believe it? Just think of how much personal information you’ve put online through social media and online messaging services. Plus, when your device is flooded with fraudulent ads, all it takes is one careless click and your device could be infected with something much worse.
Small cracks like Instagram phishing and Chamois are what allow hackers to get a foothold and work their way to your most sensitive information, so please, don’t think that just because there aren’t consequences today for downloading a questionable app or clicking a bad link, you won’t pay for your mistakes big time down the road. People often think that they’ll never be targeted by hackers because they’re just an average person among billions, but these small mistakes are exactly how hackers find you. Don’t make yourself a target. Find and follow sound cybersecurity practices today.