Cyber attackers circulating malicious OTT mobile apps through YouTube!

New Delhi: Cyber attacks are on a steady rise and these could cost you not just huge amount of monetary loss but can even bring a company down to zero. Cyber criminals have developed a sophisticated strategy for tricking gullible users into installing bogus OTT apps (via YouTube) so that they may steal their private information through it. Technisanct, a cyber threat intelligence and risk monitoring company, has reported this latest finding with very specific details, like the application names (Video Buddy, Foxi APK Movies and TV Shows, Momix, PikaShow, etc.).

Nandakishore Harikumar, Founder and CEO, Technisanct shares further details on the same, "We have been regularly watching malicious app circulating across Internet platforms to lure Indian users. When it comes to media and movies we know that the demand is huge. Our recent research proved that many are installing lot of Bogus OTT applications."

"Eventually the victim will loose a lot of private information. People looking for premium versions of majority of the OTT apps eventually download any of these malicious apps. Most of them are circulated using YouTube videos. While assessing these videos we identified embedded malware in these apps that will affect the device once installed. Once the device is compromised, it starts stealing information from devices. There are packages installed which sends the stolen device to the attacker. Most of these cracked apps are not the originals versions but purely modified along with some potentials malware," he added.
 
At a personal level, what are some of the precautions that people can take to avert data theft from mobiles and laptops?

1. Be alert of digital platforms
2. Do not click all links which you see online 
3. Change passwords regularly 
4. Use premium version of Anti Virus and update it regularly 
5. Backup data regularly 
6. Use genuine software and avoid pirated versions 
7. Regularly update OS and other software
8. Be careful while using public wifi 
9. Regularly clear cache and cookies from the browser 
 
From your professional experience so far, what do you think are some of the most common myths that companies have when it comes to cyber security?

Cyber security is very expensive is the biggest myth which we need to counter. Cyber security is not just installing antivirus or firewalls. It’s a combination of policies and practices, as well as small or big tools that could help people to prevent them from cyber attacks. Antivirus and firewalls are just basic steps. When it comes to best personal practises, it’s always advised to have secure passwords. Similarly using genuine software is also very much needed. In many cases people use third party cracking solutions to activate pirated applications. 
 
How much is the awareness about cyber attacks among the government led companies/bodies?

We have seen our government organisations being very weak. But we cannot blame too. We have seen a huge resistance when we moved from manual system to computer in 90’s and 2000’s. Similarly, it’s very hard to bring in this practice. We have been seeing a lot of data breach related to state and government orgnazations. There is lack of clarity in the digital assets these organisations hold. And in many cases employees and contract workers keep on changing. Basically lack of visibility toward digital infrastructure is the main reason for these breaches. Also, we need to bring government organisations too into the purview of compliance under the new personal data protection bill. There is no clarity regarding this in the proposed system. In Singapore and many western countries, government entities get penalised for violating data protection and cyber security norms. Considering the market since, we will have force government entities to go through the system where they get watched and monitored.

Technisanct intends to fight the issues of cyber threats, spreading of misinformation, privacy and data breaches negative campaigns using big-data and artificial intelligence. The team is constantly innovating its flagship tool Integrite to identify threats. They use both manual as well as automation in identifying the latest digital risks that could occur to a brand.