sb-au logo
Story image

2020 will be 'the year of mobile sneak attacks' - McAfee

04 Mar 2020

Hidden apps, third party logins, counterfeit gaming videos – these are just some of the threats being reported on mobile devices, according to a report released today from McAfee.

Cybercrime is expanding its arsenal of attacks as technology advances, and there seems to be no limit to the creativity displayed by attackers to invent new ways of targeting victims.

The McAfee report proclaims 2020 ‘will be the year of mobile sneak attacks’, as it also shows cyber attackers are getting better at covering their tracks – making them difficult to identify.

Hidden apps are projected to be the cornerstone of the mobile sneak attack, with the report finding nearly 50% of all malicious activities in 2019 were from hidden apps.

This represents a 30% increase from 2018 - and McAfee declared it the ‘most active mobile threat facing consumers’.

They take advantage of unsuspecting consumers in multiple ways, including taking advantage of consumers using third-party login services or serving unwanted ads, according to McAfee.

“Mobile threats are playing a game of hide-and-steal, and we will continue to empower consumers to safeguard their most valued assets and data,” says McAfee executive vice president, consumer business group Terry Hicks.

“Consumers are connected more than ever, and as we look at the current security landscape, as well as future risks, we want to make sure we are doing everything to help consumers protect what matters more to them - their personal data, as well as their family and friends,” he says. 

Key features from the report:

Attackers targeting games to spoof consumers 

Hackers are taking advantage of the popularity of gaming by distributing malicious apps via links in popular gamer chat apps and cheat videos by creating their own content containing links to fake apps. 

These apps masquerade as genuine with icons that closely mimic those of the real apps but serve unwanted ads and collect user data. 

McAfee researchers uncovered that popular apps like FaceApp, Spotify, and Call of Duty all have fake versions trying to prey on unsuspecting consumers, especially younger users. 

New mobile malware uses third-party sign-on to cheat app ranking systems 

McAfee researchers have uncovered new information on mobile malware dubbed LeifAccess, also known as Shopper. 

This malware takes advantage of the accessibility features in Android to create accounts, download apps, and post reviews using names and emails configured on the victim’s device.

Fake warnings are used to get the user to activate accessibility services, enabling the full range of the malware’s capabilities.

A unique approach to steal sensitive data through legitimate transit app

McAfee researchers discovered a plugin called MalBus that compromised some South Korean transit apps with a fake library that could exfiltrate confidential files.

The attack was hidden in a legitimate South Korean transit app by hacking the original developer’s Google Play account. 

MalBus represents a different attack method as hackers went after the account of a legitimate developer of a popular app with a solid reputation.

“There exists a growing trend for many apps to remain hidden, stealing precious resources and important data from the device that acts as the remote control to consumers digital world,” says McAfee fellow and chief scientist Raj Samani.

“Now, more than ever, it is critical consumers make themselves aware of modern threats and the steps they can take to defend themselves against them, such as staying on legitimate app stores and reading reviews carefully.”

Story image
Fortinet resolves to help communities through new Corporate Foundation
“Through the establishment of a Corporate Foundation, we are extending investments in security training and education, employee community engagement and disaster relief efforts to empower and protect our communities, as well as positively impact our business, employees, customers and shareholders.”More
Story image
CIOs put too much trust in TLS certificates - survey
Despite the prolific usage of TLS certificates within organisations, many CIOs aren't concerned about security risks associated with TLS machine identities.More
Story image
Top 10 riskiest IoT devices for enterprises, according to Forescout
IoT devices can become attack vectors for hackers to gain access to enterprise networks, and recent Forescout research shows businesses need to be aware of this and put adequate security measures in place.More
Story image
54% rise in gaming-related cyber attacks recorded in April
Social isolation measures, widely implemented throughout the world during March and April, has been linked to both the increase in engagement for gaming and a corresponding boom in game-related cyber attacks.More
Story image
How to choose a secure plagiarism checker for your school
Choosing a secure plagiarism checker for your school is important for building a comprehensive privacy protection ecosystem and protecting user data from leaks.More
Story image
Cybersecurity spending slumps - but swift recovery expected
New research from GlobalData found that the industry will recover after this initial slump to be worth almost US$238 billion by 2030.More