Malvertising stalks Soccer World Cup mobile apps

Netherlands' Memphis Depay looks to the ball after scoring his side's second goal during the group B World Cup soccer match between the Netherlands and Chile at the Itaquerao Stadium in Sao Paulo. (Wong Maye-E, AP, File)
Cape Town - As the 2014 Soccer World Cup heads into the second round, cyber criminals are upping the ante with "malvertising" - malware that is injected into mobile applications.

The global showcase has been the ideal venue for hackers to test their skills as people rush to download apps related to soccer, the teams and players.

"It is very difficult for normal people to distinguish between malware and advertising. Any software that automatically renders advertisements in order to generate revenue or accomplish some kind of goal is called Adware or Advertising-Supported Software," Andrew Kirkland, Trustwave regional director for Africa, told Fin24.

The company specialises in software security threats and uncovered a number of applications that could be injected with malware on popular smartphone platforms.

"Malvertising (malicious advertising) affects mobile applications. It is very common in the application stores of the various mobile phones to have applications with a free and paid version, where the free versions normally contain the advertising. This advertising is vulnerable to Malware injection just as it would be on a normal computer," Kirkland added.

Original source

Cyber criminals can operate from any location in the world, and though Trustwave recently found that US servers host the overall majority of malware globally, it is unclear what the original source of the malware is.

"It all depends on what the malware did and how easy it is to re-create the attacker's steps. It is best to do some forensic analysis and determine exactly what happened, not only will that give you a very good idea where the malware came from but also it will prevent the same breach from happening again," Kirkland explained.

Cyber criminals are making serious efforts to inject malware into popular applications and platforms. (Duncan Alfreds, Fin24)

Security company Kaspersky Lab recently unveiled an Android malware called Svpeng that has turned its attention to English speakers.

Once activated, the malware is able to lock people out of their mobile devices and demand payment through accounts that are difficult to trace.

"It is impossible to repel an attack of American Svpeng if a mobile device doesn't have a security solution - the malware will block the device completely, not separate files as Cryptolocker did. If it happens to you, you can do almost nothing," said Roman Unuchek, senior malware analyst at Kaspersky Lab.

Kirkland warned that corporates faced an acute threat from users who unwittingly or otherwise downloaded malware on to company servers.

"The business must prepare for the onslaught of malvertising by installing anti-malware gateways that sit between users and the internet to prevent corporate malware infections and data loss. The risk of infection through employees accidentally falling victim to a malware attack is too great for any business to not be ready for whatever is thrown their way."


Cyber criminals have a modus operandi of using major events like the World Cup or the disappearance of Malaysian flight MH370 to lure people to install malware on computers and now, even smartphones.

"It is up to the user to make sure they use the latest browser, for example, that would include the latest security advances that can make attacks more difficult. Other programs like Adobe Flash Player and Adobe Reader also need to be kept up-to-date as they have vulnerabilities that can be exploited," advised Kirkland.

He said that it was virtually impossible for the organisers of major events to plan defences around cyber exploitation.

"It is very difficult for the organisers to play a part in preventing malware from being injected into their advertisements as the injection happens on the users' device."
