Thursday, March 17, 2016

How does a Zombie Application pose a threat ?


We usually download applications for our mobile devices from app stores. Many a times an application gets discontinued from app stores for various reasons. But, users who have already downloaded the application on their mobile devices do not get any notifications about that. And, sometimes an application already downloaded in a mobile device becomes outdated. And, the user do not update the application. These applications are called Zombie Applications.

These Zombie Applications, though apparently they look benign, can be exploited by the attackers for various malicious purposes. And, they become a serious threat to the users.





How does an application become a Zombie Application ?


An application can be discontinued from the app stores for various reasons. They may get discontinued because of containing malware, or violating any other standard policy. The developer of the application also can discontinue the application for various reasons.

The problem is, after the application gets discontinued, the users of the application do not usually get any notification about it. Sometimes, the developers may opt for sending a notification on discontinuation of the application. But, in most of the cases the developers or the app stores do not.

As a result, the users remain unaware of the fact.

Sometimes the users fail to notice that the application is not getting updated for a long time, or the users do not bother to update it for a long time. And, the application becomes outdated.

And, those applications turn into Zombie Applications.



How does a Zombie Application pose a threat ?


After an application becomes a Zombie Application, it can be used by the attackers for all malicious purposes.

As the users are mostly unaware of the fact that an application has become a Zombie Application, they may look for an update for the application. And, taking advantage of that, attackers can trick those users to install a malware-laden applications to their mobile devices. And once that happens, the attackers are free to exploit that at their own will.



What all threats does a Zombie Application pose ?

A Zombie Application can be used by the attackers for various purposes. Some of them are mentioned below :

  • The rogue application may get installed in the victim's devices and give the attackers full control of the devices using malware.
  • The attackers can read, update or delete sensitive data from the devices.
  • Attackers can harvest passwords from the devices.
  • Attackers can turn the devices into a Botnet and exploit that to spread malware, do a DoS attack or use that for other malicious purposes.
  • Attackers can track the locations of the users and spy on them.
  • Attackers can even invade privacy of the users and record various activities of the users secretly.


Countermeasures


A couple of steps can be taken to prevent the threats of Zombie Applications :

  • App stores should notify the users about discontinuation of applications from the app stores.
  • Developers should develop a secure application and update the users about discontinuation of the application.
  • Users should update the applications regularly with recent security patches or remove the applications if they cannot be updated any more.

No comments:

Post a Comment