A new form of cyberattack is seeing criminals target victims with serious health conditions like diabetes, new research has claimed.
Yes, this is something of a new low with cybercriminals releasing health apps which purport to help folks with their condition, but are really a thinly veiled attempt to steal personal data, invade privacy, or push ads or malware onto the victim’s device.
This comes from security firm Fortinet, as revealed at the Virus Bulletin 2019 conference by principal security researcher Axelle Apvrille.
- IoT devices now top priority for cybercriminals
- Amazon Echo speakers now provide health advice from the NHS
- Best medical transcription services of 2019
Unfortunately, people with serious health problems are easy targets in a way, because they can often be (unsurprisingly) desperate to get help with their condition. And thus they may be more likely to download an application that might look a little bit suspect, or make odd demands such as installing other software.
Like the ‘diabetes management’ app Fortinet uncovered which was a free download, but refused to work unless the user downloaded other applications – products that just happened to be riddled with adware.
Another app found by the security company claimed to predict the life expectancy of someone with diabetes if they answered various questions about their health. However, this is actually just an effort to extract personal data from the user, which is then sent to a remote server.
Obviously that sort of data – confidential medical information – is highly personal and sensitive, and therefore exactly the sort of thing that cybercriminals love to leverage to nefarious ends.
Invasion of privacy
Another dodgy app did at least provide some advice on diabetes – whereas the others didn’t even go as far as supplying any useful information – but it tracked the user via GPS, and invaded the user’s privacy in other ways like determining what other apps were installed on the mobile device.
This app also fired off loads of pop-up adverts, just to make matters worse. But as Apvrille told ZDNet (opens in new tab), users may still tolerate this: “If you have diabetes and need those applications, you might put up with those pop-ups, because you need it.”
While these apps target people with diabetes, it’s not difficult to imagine a much wider range of health conditions will be exploited by a growing and diverse collection of such malicious applications.
So as always, be careful as to the sources of any apps you download for your smartphone or tablet, and follow all the usual advice: at the very least, don’t stray outside the curated stores, check the developer’s reputation, and steer clear of anything with relatively few downloads. The latter said, note that having plentiful installations doesn’t necessarily mean anything, which is why you should also check the reviews for any app, both in the store and outside of it.
- Best medical billing services of 2019