As more and more people turn to mobile apps to help them manage health issues, cybercriminals have realized there is money to be made. So be careful.
People looking for information about diabetes and other diseases may be at risk of having their personal information stolen and their privacy looted by cybercriminals. Axelle Apvrille, a security researcher at Fortinet, has recently updated malicious Android applications targeting people with diabetes during a presentation at the Virus Bulletin 2019 conference in London.
The reason for hackers to create malicious applications of health? They can easily be used to steal data or install other malware – or both – from a large number of people. A malicious application will claim, for example, that it will predict your life expectancy if the user answers a list of questions about their health. However, the information entered in the form will be sent to a remote server without the user knowing.
A second diabetes management app, available as a free download, will not work as advertised unless the user downloads other apps that are filled with adware. And a system blocks the use of the application “if the user does not agree to download” sponsored “applications that are full of pop-up ads,” said Axelle Apvrille, who noted that this particular application has thousands of downloads.
A growing practice
A third malicious application provides advice on diabetes, but also tracks almost everything the user is doing – including the device’s GPS location, IP address, and other apps on the device, putting the user’s privacy at risk. the victim in danger. This app also relentlessly pushes pop-up ads on the victim.
Despite the poor quality of these malicious apps – so many do not even provide basic advice on diabetes management – downloads are plentiful. “Because if you have diabetes and you need these applications, you can accept these pop-ups, because you need them,” explains Axelle Apvrille. “The cybercriminals profit from it”.
Cybercriminals targeting people with health problems is a growing trend. Especially as more and more people are turning to apps and devices connected to the Internet to help them manage these conditions. Medical records are already sold on Dark Web forums and if cyber criminals can use malicious health apps to collect more data, chances are they will.