New McAfee report finds hackers using hidden mobile apps and unique distribution methods to target consumers
News Highlights:
- McAfee releases a new Mobile Threat Report that predicts 2020 to be the year of mobile sneak attacks
- Hidden mobile apps result in approximately 50% of all malicious threats in 2019
- LeifAccess tricks victims into enabling risky settings using fake security warnings to perform unwanted automated actions
Today McAfee released its Mobile Threat Report 2020, which found that hackers are using hidden mobile apps, third-party login and counterfeit gaming videos to target consumers. Last year, hackers targeted consumers with a wide variety of methods, from backdoors to mining cryptocurrencies. Based on new research, McAfee has uncovered that hackers have expanded the ways of hiding their attacks, making them increasingly difficult to identify and remove, which makes it seem like 2020 will be the year of mobile sneak attacks.
McAfee found that hidden apps are the most active mobile threat facing consumers, generating nearly
“Consumers are connected more than ever, and as we look at the current security landscape, as well as future risks, we want to make sure we are doing everything to help consumers protect what matters more to them- their personal data, as well as their family and friends,” said Terry Hicks, Executive Vice
The McAfee Mobile Threat Report 2020 highlights the following mobile trends:
Hackers use gaming popularity to spoof consumers –Hackers are taking advantage of the popularity of gaming by distributing their malicious apps via links in popular gamer chat apps and cheat videos by creating their own content containing links to fake apps. These apps masquerade as genuine with icons that closely mimic those of the real apps but serve unwanted ads and collect user data. McAfee researchers uncovered that popular apps like FaceApp, Spotify, and Call of Duty all have fake versions trying to prey on unsuspecting consumers, especially younger users.
New mobile malware uses third-party sign-on to cheat app ranking systems – McAfee researchers have uncovered new information on mobile malware dubbed LeifAccess, also known as Shopper. This malware takes advantage of the accessibility features in Android to create accounts, download apps, and post reviews using names and emails configured on the victim’s device. McAfee researchers observed apps based on LeifAccess being
A unique approach to steal sensitive data through legitimate transit app. McAfee researchers found that a series of South Korean transit apps, were compromised with a fake library and plugin that could exfiltrate confidential files, called MalBus. The attack was hidden in a legitimate South Korean transit app by hacking the original developer’s Google Play account. The series provides a range of information for each region of South Korea, such as bus stop locations, route maps, and schedule times for more than 5 years. MalBus represents a different attack method as hackers went after the account of a legitimate developer of a popular app with a solid reputation.
“There exists a growing trend for many apps to remain hidden, stealing precious resources and important data from the device that acts as the remote control to consumers digital world,” said Raj Samani, McAfee Fellow and Chief Scientist. “Now, more than ever, it is critical consumers make themselves aware of modern threats and the steps they can take to defend themselves against them, such as staying on legitimate app stores and reading reviews carefully.”