In an attempt to take advantage of people of various religions over the Christmas period, cybercriminals have embedded malware in a number of religious apps on the Google Play Store.
These apps masquerade as Bibles, Qurans, and other religious texts in order to exploit users and gain access to their mobile operating systems.
These malicious apps were discovered by the security company Proofpoint. The firm has not yet made public its list of the religious apps affected, but so far it has found 208 apps that contain malicious code. Of that number, 140 were considered to pose a high risk to the user based on the behaviour of the app.
Proofpoint's VP of threat operations, Kevin Epstein, reported that the malicious apps could enable cybercriminals to steal personal information such as usernames and passwords from those who installed the apps. They would also be able to exploit zero-day vulnerabilities and communicate with websites rife with illegal activity. Epstein also noted that it might be possible for the attackers to root an Android device through these apps.
To determine which apps were malicious, Proofpoint analysed 5,600 different apps. On the Android OS there were 4,154 religious apps and on iOS there were only 1,500.
The 208 malicious apps were found on Google's platform. It appears that Apple is much more stringent when it comes to app review and approval, and no malicious apps were found on iOS.