SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
2020 will be 'the year of mobile sneak attacks' - McAfee
Wed, 4th Mar 2020
FYI, this story is more than a year old

Hidden apps, third party logins, counterfeit gaming videos – these are just some of the threats being reported on mobile devices, according to a report released today from McAfee.

Cybercrime is expanding its arsenal of attacks as technology advances, and there seems to be no limit to the creativity displayed by attackers to invent new ways of targeting victims.

The McAfee report proclaims 2020 ‘will be the year of mobile sneak attacks', as it also shows cyber attackers are getting better at covering their tracks – making them difficult to identify.

Hidden apps are projected to be the cornerstone of the mobile sneak attack, with the report finding nearly 50% of all malicious activities in 2019 were from hidden apps.

This represents a 30% increase from 2018 - and McAfee declared it the ‘most active mobile threat facing consumers'.

They take advantage of unsuspecting consumers in multiple ways, including taking advantage of consumers using third-party login services or serving unwanted ads, according to McAfee.

“Mobile threats are playing a game of hide-and-steal, and we will continue to empower consumers to safeguard their most valued assets and data,” says McAfee executive vice president, consumer business group Terry Hicks.

“Consumers are connected more than ever, and as we look at the current security landscape, as well as future risks, we want to make sure we are doing everything to help consumers protect what matters more to them - their personal data, as well as their family and friends,” he says. 

Key features from the report: Attackers targeting games to spoof consumers 

Hackers are taking advantage of the popularity of gaming by distributing malicious apps via links in popular gamer chat apps and cheat videos by creating their own content containing links to fake apps.

These apps masquerade as genuine with icons that closely mimic those of the real apps but serve unwanted ads and collect user data.

McAfee researchers uncovered that popular apps like FaceApp, Spotify, and Call of Duty all have fake versions trying to prey on unsuspecting consumers, especially younger users.

 
New mobile malware uses third-party sign-on to cheat app ranking systems 

McAfee researchers have uncovered new information on mobile malware dubbed LeifAccess, also known as Shopper.

This malware takes advantage of the accessibility features in Android to create accounts, download apps, and post reviews using names and emails configured on the victim's device.

Fake warnings are used to get the user to activate accessibility services, enabling the full range of the malware's capabilities.


A unique approach to steal sensitive data through legitimate transit app

McAfee researchers discovered a plugin called MalBus that compromised some South Korean transit apps with a fake library that could exfiltrate confidential files.

The attack was hidden in a legitimate South Korean transit app by hacking the original developer's Google Play account.

MalBus represents a different attack method as hackers went after the account of a legitimate developer of a popular app with a solid reputation.

“There exists a growing trend for many apps to remain hidden, stealing precious resources and important data from the device that acts as the remote control to consumers digital world,” says McAfee fellow and chief scientist Raj Samani.

“Now, more than ever, it is critical consumers make themselves aware of modern threats and the steps they can take to defend themselves against them, such as staying on legitimate app stores and reading reviews carefully.