“Consider the number of applications on your smartphone today. Which ones are actively used? Which ones are no longer used? While this is a simple check, more important questions often go unanswered. For example, do you know what data each app collects?”
So begins the latest McAfee Mobile Threat Report, which points out that mobile malware is becoming increasingly common as cybercriminals focus their attention on smartphones, the device that has become for many the go-to device for communicating, banking, shopping, and other forms of transactions and data consumption. According to data published by the Gartner, exiting 2019 there were 1.5 billion smartphones being used across the globe, which in the view of hackers offers a target-rich environment.
Per McAfee’s findings, how they are looking to attack those devices is through ‘hidden apps,’ which are malicious applications that are designed to avoid user discovery. In some cases, attackers are using a MalBus attack, which involves criminals targeting the “account of a legitimate developer of a popular app with a solid reputation…adding an additional library to the apps and uploaded them to Google Play. During installation, the malicious library checks whether it is already installed, and, if not, runs an update process to download and dynamically load a malicious Trojan disguised as a media file.”
McAfee sums this latest report with two key observations: first, 2020 is likely to be the year of “mobile sneak attacks” and attackers will increasingly look to make their activities appear more legitimate. In our view, this only solidifies the growing importance and demand for data privacy and cybersecurity solutions represented by the Foxberry Tematica Research Cybersecurity & Data Privacy Index.
Some interesting observations from the latest McAfee Mobile Threat Report include:
According to figures in the newly released McAfee Mobile Threat Report, the total number of detections for different types of mobile malware reached over 35 million during the final quarter of 2019, representing a jump of 10 million detections compared with 2018.
Thousands of apps are actively hiding their presence after installation, making them difficult to locate and remove while annoying victims with invasive ads.
In order to help bypass security protections offered to Android users by the Google Play Store, cyber criminals are turning towards other channels to help distribute their malicious apps. This often sees attackers use comments below YouTube videos, or links in popular chat apps like Discord, that claim to offer free or cracked versions of well-known applications.
The download pages for these fake applications will use icons, text and imagery of the real app to add authenticity and encourage potential victims to download the malicious software – but then the app will seemingly disappear after installation.
Apps will sometimes just disguise themselves as something under the ‘settings’ menu of the phone, or the app will claim that it can’t be installed in the user’s country – while secretly installing the malware all along.
And because the application is hidden in such a way that the user is unlikely to be able to find it, the malware will drain the phone battery by performing actions that generate ad revenue.