Hoodwinking those of faith, those whose life is built on believing, is an easier task for a malicious hacker than going after paranoid technophobes. That’s why hundreds of malware types are hiding as Bibles and Qurans, or related religious apps, across the
Security company Proofpoint isn’t revealing which exact Android apps are doing bad deeds, as it is going through the process of disclosure with the affected developers and vendors. It is instead revealing data on the number of malware or aggressive adware targeting the Google operating system. Proofpoint analyzed over 5,600 unique Bible apps (4,154 for Android and 1,500 for
Kevin Epstein, VP of threat operations at Proofpoint, said those apps with known malicious behavior let attackers steal information from mobile devices, exploit zero-day vulnerabilities, possibly jailbreak or "root" a device, pilfer login credentials and communicate with IP addresses previously linked with rogue activity.
FORBES spoke with Telefonica’s ElevenPaths, a Spanish-based intelligence provider that looks for Android threats, and it did reveal two Bible-themed apps on Google Play - Bible Trivia and Bible FAQs - that it believed to be malicious. Adolfo Lorente, ElevenPaths researcher, said his organization frequently saw Android hackers reusing Bible graphics from legitimate apps, repackaging them with built-in malware and uploading them to the markets.
Cybercriminals appear to be faith agnostic when it comes to their devilish campaigns - a number of Quran apps containing malicious apps are doing the rounds in digital bazaars too. Lorente found a large amount of malware hidden in Quran apps on Google Play. These included Holy Quran Go Locker Theme, The Amazing Quran and uQuran - Understand Quran. “We have also identified aggressive adware apps about the Quran and the Bible populating the markets,” Lorente added.
Proofpoint found scores of “high-risk” Quran apps too. The firm said 16 of the scanned Quran apps (3,804 for Android; 646 for iOS) contained known malicious code and another 38 were classified as high risk. Again, all were for Android.
At the time of publication, Google had not responded to a request for comment.
It’s not just financially motivated criminals who’re looking to exploit people’s trust in religious apps. Government agency contractor Hacking Team reportedly boasted about hiding its own intrusive software in a Bible app. John McAfee, founder of the eponymous anti-virus company and now a presidential candidate, voiced his concerns about the invasiveness of some Bible apps earlier this year too.
You’ve got to have faith, but trust is hard to find in the online world.