Last year, hackers targeted consumers with a wide variety of methods, from backdoors to mining cryptocurrencies. In this year’s Threat Report ‘Mobile Malware is Playing Hide and Steal’ , McAfee has revealed that hackers have expanded the ways of hiding their attacks, making them increasingly difficult to identify and remove, which makes it seem like 2020 will be the year of mobile sneak attacks.
“Mobile devices hold the key to our lives – both corporate and personal,” says Venkat Krishnapur, Vice-President of Engineering and Managing Director, McAfee India. “Unfortunately, they are also amongst the easiest attack vectors for cybercriminals because, consumer awareness levels towards security of their devices and apps is low. Hidden apps have emerged as the most active mobile threat category and it’s highly advisable that consumers stay vigilant with regards to where they download applications from, what they click and also ensure they use the right security software on their devices, to enable detection and protection of their digital lives.”
“There exists a growing trend for many apps to remain hidden, stealing precious resources and important data from the device that acts as the remote control to consumers digital world,” adds Raj Samani, McAfee Fellow and Chief Scientist.
Threat for gamers
It is recommended that gamers be vigilant of activities in gamer chats apps and cheat videos. Hackers are taking advantage of the popularity of gaming by distributing their malicious apps via links in the aforementioned avenues by creating their own content containing links to fake apps, ultimately spoofing consumers.
These apps masquerade as genuine with icons that closely mimic those of the real apps but serve unwanted ads and collect user data. McAfee researchers uncovered that popular apps like FaceApp, Spotify, and Call of Duty all have fake versions trying to prey on unsuspecting consumers, especially younger users.
Android users, beware
Ever hearf of LeifAccess (also known as Shopper)? This mobile malware — which takes advantage of the accessibility features in Android to create accounts, download apps, and post reviews using names and emails configured on the victim’s device — is distributed through social media, gaming platforms, malvertising, and gamer chat apps, and fake warnings are used to get the user to activate accessibility services, enabling the full range of the malware’s capabilities.
Given Android is installed on over 2.5 billion devices across the globe, this is great cause for concern.
There has also been a unique approach to steal sensitive data through legitimate transit apps. For example, a series of South Korean transit apps, were compromised with a fake library and plugin that could exfiltrate confidential files, called MalBus. The attack was hidden in a legit South Korean transit app by hacking the original developer’s Google Play account, proving attacks are happening on a creator level, too.
The series provides a range of information for each region of South Korea, such as bus stop locations, route maps, and schedule times for more than 5 years. MalBus represents a different attack method as hackers went after the account of a legitimate developer of a popular app with a solid reputation.
What should we do?
According to a March 3 blog post on the McAfee website titled ‘Is Mobile Malware Playing Hide and Steal on Your Device?’ by Alan LeFort, Vice President of Consumer Strategy & Cloud segment, McAfee, “consumers have developed expectations of how devices can enhance our everyday lives — from online banking transactions to handling work correspondence on the go.”
LeFort offers some tips on how to optimally protect your systems:
- Do your research. While some malicious apps do make it through the app store screening process, the majority of attack downloads appear to be coming from social media, fake ads, and other unofficial app sources. Before downloading an app to your device, do some quick research about the source and developer.
- Read app reviews with a critical eye. Reviews and rankings are still a good method of determining whether an app is legitimate. However, watch out for reviews that reuse simple or repetitive phrases, as this could be a sign of a fraudulent review.
- Update, update, update. Developers are actively working to identify and address security issues. Frequently update your operating systems and apps so that they have the latest fixes and security protections.
- Use a VPN. A virtual private network, or , allows you to send and receive data across a public network, but it encrypts your information so others cannot read it. This can prevent hackers from spying on your internet activity, therefore protecting your privacy.
- Keep tabs on your accounts. Use ID monitoring tools to be aware of changes or actions that you did not make. These may have been caused by malware and could indicate that your phone or account has been compromised.
- Defend your devices with security software. Comprehensive security software across all devices continues to be a strong defensive measure to protect your data and privacy from online threats.