Malicious Fantasy Football Mobile Apps That May Steal Your Data

September 10, 2015
Proofpoint Staff

When the defending Super Bowl™ champions New England Patriots take on the storied Pittsburgh Steelers tonight to kick off the NFL regular season, millions of sports fans will also be celebrating the start of a new fantasy football season—with many accessing their results via mobile devices and fantasy football apps.

With 57 million participants and billions of dollars in revenue from entry fees, fantasy leagues aren’t going away. As with many lucrative, rapidly growing markets, cybercriminals and scammers are also flocking to fantasy sports. As with many other varieties of mobile apps, there are good fantasy football mobile apps, but there are others written by unscrupulous developers seeking to steal user data to sell to marketing networks, hackers and others.

Some of these apps install aggressive adware capable of persistently tracking browser histories. This kind of tracking carries privacy risks for individuals and it can also be dangerous to organizations, potentially exposing details of internal networks, employee activities and other internal information.

Fortunately, there are several clues that indicate whether a fantasy football mobile application is dangerous. Below are seven ways information security managers can identify apps that they may want to restrict.

Seven signs a fantasy football mobile app is malicious

  1. The app was published by an unknown publisher
  2. The app looks like a legitimate app, or copies the name or images of a legitimate app, but is from an unknown publisher
  3. There is no website for the publisher
  4. The publisher’s website is a Twitter page
  5. The publisher’s Twitter page has few or no tweets
  6. The app has no privacy policy
  7. The app asks for permission to access data that it should not need, such as:
    • Reading SMS messages
    • Reading GPS location
    • Ability to read or write to external USB devices (Android)

An app that meets one or more of the above, and also has a small number of downloads, has a high probability of being malicious.
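The rule above can be applied mechanically during app vetting. The following is an added example, not code from the original article: it checks signs 1, 3, 4, 6 and 7 against a store listing and a decoded AndroidManifest.xml, then applies the download rule. The listing field names, the publisher allowlist, the `LOW_DOWNLOADS` cut-off and the mapping of the article's permission examples to Android permission names are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping of the article's sign-7 examples to Android permission names.
RISKY_PERMISSIONS = {
    "android.permission.READ_SMS": "reads SMS messages",
    "android.permission.ACCESS_FINE_LOCATION": "reads GPS location",
    "android.permission.READ_EXTERNAL_STORAGE": "reads external storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "writes external storage",
}
LOW_DOWNLOADS = 1000  # assumed cut-off; the article gives no number

def manifest_permissions(manifest_xml):
    """Permissions requested in a decoded (text, not binary) AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}  # skip malformed entries without a name

def triage(listing, manifest_xml, known_publishers):
    """Return (restrict, signs) for one app listing."""
    signs = []
    if listing["publisher"] not in known_publishers:
        signs.append("unknown publisher")                       # sign 1
    host = urlparse(listing.get("publisher_site") or "").hostname or ""
    if not host:
        signs.append("no publisher website")                    # sign 3
    elif host in ("twitter.com", "www.twitter.com"):
        signs.append("publisher website is a Twitter page")     # sign 4
    if not listing.get("privacy_policy_url"):
        signs.append("no privacy policy")                       # sign 6
    for perm in sorted(manifest_permissions(manifest_xml)):     # sign 7
        if perm in RISKY_PERMISSIONS:
            signs.append(f"{perm}: {RISKY_PERMISSIONS[perm]}")
    # The article's rule: one or more signs plus a small download count.
    return bool(signs) and listing["downloads"] < LOW_DOWNLOADS, signs

# Constructed sample data, not taken from any real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fantasyscores">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""
SAMPLE_LISTING = {"publisher": "Example Dev 123", "downloads": 500,
                  "publisher_site": "https://twitter.com/example_dev_123",
                  "privacy_policy_url": None}

if __name__ == "__main__":
    restrict, signs = triage(SAMPLE_LISTING, SAMPLE_MANIFEST, {"Example Sports Network"})
    print("RESTRICT" if restrict else "ALLOW", signs)
```

Signs 2 and 5 (lookalike branding, a near-empty Twitter feed) are left to manual review here because they need data this sketch does not model.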

To address this risk, information security managers can send a reminder to employees regarding how to recognize malicious apps. In addition, they can deploy solutions that enable them to automatically identify and restrict these apps from both company- and employee-owned devices that access corporate data and resources.

Taking measures to ensure mobile app safety will let you and your employees enjoy the new season with a clear mind. Now, break out the chips and drinks and let the games begin. Are you ready!...