Hackers target consumers using fake mobile apps, claims survey

Share

McAfee’s Mobile Threat Report 2020 has found that hackers are using fake mobile apps, third-party login and counterfeit gaming videos to target consumers. 

Last year, hackers targeted consumers with a wide variety of methods, from backdoors to mining cryptocurrencies. Based on new research, McAfee has uncovered that hackers have expanded the ways of hiding their attacks, making them increasingly difficult to identify and remove.

McAfee found that hidden apps are the most active mobile threat facing consumers, generating nearly 50% of all malicious activities in 2019, a 30% increase from 2018.

Hackers continue to target consumers through channels that they spend the most time on. Hidden apps take advantage of consumers in multiple ways, including those using third-party login services or serving unwanted ads.  

Says Raj Samani, McAfee Fellow and Chief Scientist:

“There exists a growing trend for many apps to remain hidden, stealing precious resources and important data from the device that acts as the remote control to consumers digital world.

“Now, more than ever, it is critical consumers make themselves aware of modern threats and the steps they can take to defend themselves against them, such as staying on legitimate app stores and reading reviews carefully.”  

The McAfee Mobile Threat Report 2020 highlights the following mobile trends: 

Hackers use gaming popularity to spoof consumers –Hackers are taking advantage of the popularity of gaming by distributing their malicious apps via links in popular gamer chat apps and cheat videos by creating their own content containing links to fake apps. These apps masquerade as genuine with icons that closely mimic those of the real apps but serve unwanted ads and collect user data. McAfee researchers uncovered that popular apps like FaceApp, Spotify, and Call of Duty all have fake versions trying to prey on unsuspecting consumers, especially younger users.   

New mobile malware uses third-party sign-on to cheat app ranking systems – McAfee researchers have uncovered new information on mobile malware dubbed LeifAccess, also known as Shopper. This malware takes advantage of the accessibility features in Android to create accounts, download apps, and post reviews using names and emails configured on the victim’s device. McAfee researchers observed apps based on LeifAccess being distributed via social media, gaming platforms, malvertising, and gamer chat apps. Fake warnings are used to get the user to activate accessibility services, enabling the full range of the malware’s capabilities. 

Unique approach to steal sensitive data through legitimate transit app – McAfee researchers found that a series of South Korean transit apps, were compromised with a fake library and plugin that could exfiltrate confidential files, called MalBus. The attack was hidden in a legitimate South Korean transit app by hacking the original developer’s Google Play account. The series provides a range of information for each region of South Korea, such as bus stop locations, route maps, and schedule times for more than 5 years. MalBus represents a different attack method as hackers went after the account of a legitimate developer of a popular app with a solid reputation. 

 

 

Chris Price
For latest tech stories go to TechDigest.tv