sb-as logo
Story image

2020 will be 'the year of mobile sneak attacks' - McAfee

04 Mar 2020

Hidden apps, third party logins, counterfeit gaming videos – these are just some of the threats being reported on mobile devices, according to a report released today from McAfee.

Cybercrime is expanding its arsenal of attacks as technology advances, and there seems to be no limit to the creativity displayed by attackers to invent new ways of targeting victims.

The McAfee report proclaims 2020 ‘will be the year of mobile sneak attacks’, as it also shows cyber attackers are getting better at covering their tracks – making them difficult to identify.

Hidden apps are projected to be the cornerstone of the mobile sneak attack, with the report finding nearly 50% of all malicious activities in 2019 were from hidden apps.

This represents a 30% increase from 2018 - and McAfee declared it the ‘most active mobile threat facing consumers’.

They take advantage of unsuspecting consumers in multiple ways, including taking advantage of consumers using third-party login services or serving unwanted ads, according to McAfee.

“Mobile threats are playing a game of hide-and-steal, and we will continue to empower consumers to safeguard their most valued assets and data,” says McAfee executive vice president, consumer business group Terry Hicks.

“Consumers are connected more than ever, and as we look at the current security landscape, as well as future risks, we want to make sure we are doing everything to help consumers protect what matters more to them - their personal data, as well as their family and friends,” he says. 

Key features from the report:

Attackers targeting games to spoof consumers 

Hackers are taking advantage of the popularity of gaming by distributing malicious apps via links in popular gamer chat apps and cheat videos by creating their own content containing links to fake apps. 

These apps masquerade as genuine with icons that closely mimic those of the real apps but serve unwanted ads and collect user data. 

McAfee researchers uncovered that popular apps like FaceApp, Spotify, and Call of Duty all have fake versions trying to prey on unsuspecting consumers, especially younger users. 

New mobile malware uses third-party sign-on to cheat app ranking systems 

McAfee researchers have uncovered new information on mobile malware dubbed LeifAccess, also known as Shopper. 

This malware takes advantage of the accessibility features in Android to create accounts, download apps, and post reviews using names and emails configured on the victim’s device.

Fake warnings are used to get the user to activate accessibility services, enabling the full range of the malware’s capabilities.

A unique approach to steal sensitive data through legitimate transit app

McAfee researchers discovered a plugin called MalBus that compromised some South Korean transit apps with a fake library that could exfiltrate confidential files.

The attack was hidden in a legitimate South Korean transit app by hacking the original developer’s Google Play account. 

MalBus represents a different attack method as hackers went after the account of a legitimate developer of a popular app with a solid reputation.

“There exists a growing trend for many apps to remain hidden, stealing precious resources and important data from the device that acts as the remote control to consumers digital world,” says McAfee fellow and chief scientist Raj Samani.

“Now, more than ever, it is critical consumers make themselves aware of modern threats and the steps they can take to defend themselves against them, such as staying on legitimate app stores and reading reviews carefully.”

Story image
Video: 10 Minute IT Jams - SonicWall VP discusses the importance of endpoint security
In this video, Dmitriy discusses the exposure points and new risks that come as a result of widespread flexible working arrangements, how organisations should secure their massively distributed networks, and how SonicWall's Boundless Cybersecurity model can solve these issues.More
Story image
How to address cyber-threats as a strategic risk
Becoming a cyber-secure organisation in the face of an evolving threat landscape requires a strategic, business-focused approach to security as opposed to a tactical approach in which security is addressed simply by implementing new tools.More
Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More
Story image
IDC’s 10 IT trends for 2021 and beyond
65% of global GDP will be digitalised by 2022, driving $6.8 trillion of IT spending from 2020 to 2023.More
Story image
The rising threat of human-controlled ransomware
Until recently, most ransomware attacks have been automated affairs. But things are changing, writes Attivo Networks regional director for A/NZ Jim Cook.More
Story image
Lumen launches managed security services for APAC market
The new service is designed to provide enterprise businesses with a proactive, connected security strategy to enhance threat detection and protection across endpoints. More