Skip to main content
Best News Website or Mobile Service
WAN-IFRA Digital Media Awards Worldwide 2022
Best News Website or Mobile Service
Digital Media Awards Worldwide 2022
Hamburger Menu
Advertisement
Advertisement

Singapore

Cybersecurity agency recommends list of apps to guard against malware, phishing attacks

The list contains six apps that are available on either Android or iOS devices.

Cybersecurity agency recommends list of apps to guard against malware, phishing attacks

File photos of the Google Play and Apple App Store logos. (Photos: AFP/Kirill Kudryavtsev, Chris Demlas)

New: You can now listen to articles.

This audio is generated by an AI tool.

SINGAPORE: The Cyber Security Agency of Singapore (CSA) has refreshed its list of recommended security apps that members of the public can use to safeguard their devices against malware attacks and phishing.

The list contains six apps that are available on either Android or iOS devices: Avast Antivirus & Security, AVG Antivirus & Security, Norton360 Antivirus & Security and Sophos Intercept X for Mobile for Android users. For iOS devices, the listed apps are F-Secure Mobile Security and ZoneAlarm Mobile Security.

A subscription fee may be required to unlock more features on certain apps, CSA said on Monday (Jan 20).

CSA launched the first version of its list in September 2023. Since then, the agency has reviewed it and conducted tests on 18 unique apps across Android and iOS devices. 

"The tests referenced those that were carried out by established industry third-party test bodies such as AV Test and AV Comparatives," CSA said.

The listed apps were evaluated across four categories.

The first category is malware detection, which involves testing the ability of security apps to detect various malware samples - including original, rehashed and obfuscated samples. Apps were evaluated on how well they identified disguised threats before they could compromise the device. 

This is crucial as a first layer of protection against a range of malware including spyware and dropper - a program designed to deliver and execute other forms of malware onto a victim's system and device.

Due to the security architecture on Apple's iOS, security apps cannot scan other iOS apps for the presence of malware. Therefore, that functionality cannot be tested on iOS devices, said CSA.

The second category, phishing detection, is essential for identifying and blocking deceptive websites or suspicious URL, CSA said.

The test involves accessing selected phishing links across different environments, such as via in-app browsers, dedicated browsers such as Chrome for Android users and Safari for iOS users or through a URL checker provided by the app.

Users will be alerted by the app when they attempt to access spoofed websites that can lead to identity theft or financial loss.

Network detection tests focus on a security app's ability to detect and alert users to common network-based attacks, such as Secure Sockets Layer (SSL) stripping and SSL decryption - which are attempts to access or steal encrypted data.

Such attacks are simulated to test whether the app can detect and alert the user. This helps protect users from data interception attacks targeting their financial details and login credentials, CSA said.

Lastly, device integrity checks assess if an app can detect device settings that could potentially compromise the user’s security.

"The focus is on unauthorised rooting and jailbreaking modifications which could provide cybercriminals with privileged access to the device’s operating system," said CSA.

Other features, such as the capability to detect the absence of authentication measures on the device - including biometrics - are also assessed.

These capabilities will ensure that users are alerted to vulnerabilities in their device settings and help to secure the user’s mobile device environment, said CSA.

The latter two categories were added in its latest review of security apps, CSA said.

For selected apps to be deemed effective, they are required to score 50 per cent and above in detecting malware and phishing attacks. In the newly introduced categories of network detection and device integrity checks, a pass in either category is required.

"This approach provides a balanced evaluation of new categories while ensuring effectiveness on the primary categories," CSA said.

The apps are available in the Google Play Store or Apple App Store for their respective operating systems.

"Cybercriminals are constantly devising new tactics to trick us and this is why installing security apps continues to be important," said Mr Chua Kuan Seah, deputy chief executive of CSA.

Mr Chua said that his agency has expanded the testing criteria for security apps to ensure that they can protect against rapidly evolving malware and phishing attacks. 

"This list is intended as a reference to aid users in choosing which security app to download based on their needs and budget. CSA will continue to work with industry professionals and developers on improving solutions for the public to defend themselves against cybercriminals."

RISING SCAM CASES

The overall number of scam cases in Singapore rose in the first half of 2024.

Social media platforms Facebook, WhatsApp and Instagram were those most used by scammers to contact potential victims, the police said last year.

Overall, scam cases in Singapore between January and June 2024 rose 16.3 per cent compared with the same period last year. A total of 26,587 cases were reported, with at least S$385.6 million (US$295 million) lost - a 24.6 per cent increase.

A law was passed on Jan 7 that provides the police with the power to order banks to restrict the banking transactions of potential scam victims.

The CSA said last year that malicious actors are likely to use AI to plan more sophisticated phishing attempts and cyberattacks.

Generative AI can be used for deepfake scams, bypassing biometric authentication and detecting vulnerabilities in software, among other use cases.

Source: CNA/nh(rj)
Advertisement

Also worth reading

Advertisement