McAfee Mobile Threat Report Unveils 550% Increase in Consumer Security Risks Connected to Fake and Malicious Apps in Second Half of 2018

Today [24 Feb] McAfee announced its extended relationships with Samsung and Türk Telekom to further protect what matters by expanding its presence in the consumer cybersecurity industry. McAfee is committed to expanding these partnerships to champion security that is built-in across devices and networks, as it is crucial that the entire ecosystem works together to protect consumers from attacks.

McAfee also unveiled its latest Mobile Threat Report, reporting backdoors, malicious cryptomining, fake apps and banking Trojans all increased substantially in 2018, propelled by cybercriminals quest for illicit profits. Most notably, the number of fake app detections by McAfee’s Global Threat Intelligence increased from around 10,000 in June 2018 to nearly 65,000 in December 2018.

According to McAfee Labs 2019 predictions, cybercriminals are looking for ways to use trusted devices to gain control of Internet of Things (IoT) devices via password cracking and exploiting other vulnerabilities, such as through the exploitation via voice assistants. With over 25 million voice assistants in use across the world, these devices are often connected to other things in the home- controlling lights, thermostats, door locks and more. More devices mean greater connectivity and convenience for their owners, but connectivity also means more opportunities for malicious deeds.

“Most IoT devices are being compromised by exploiting rudimentary vulnerabilities, such as easily guessable passwords and insecure default settings,” said Raj Samani, McAfee fellow and chief scientist at McAfee. “From building botnets, to stealing banking credentials, perpetrating click fraud, or threatening reputation damage unless a ransom is paid, money is the ultimate goal for criminals.”

“The rapid growth and broad access to connected IoT devices push us to deliver innovations with our partners that go beyond traditional AV, and we are creating solutions that address real world digital security challenges,” said Gary Davis, chief consumer security evangelist at McAfee. “From securing the gaming experience to safeguarding the connected home to protecting against cryptojacking, we are enabling our customers to protect what matters most to them.”

McAfee and Samsung Extend Partnership to Secure Galaxy S10 Smartphones

For the fifth year, Samsung and McAfee have worked to protect what matters for consumers around the world. McAfee extended its long-standing partnership with Samsung to safeguard consumers from cybersecurity threats on Samsung Galaxy S10 smartphones which come pre-installed with anti-malware protection powered by McAfee VirusScan. It will also support Samsung Secure Wi-Fi service that McAfee provided backend infrastructure to protect consumers against risky Wi-Fi. In addition to mobile, the partnership expands to better protect Samsung smart TVs, as well as PCs and laptops.

Türk Telekom and McAfee Offer Customers Digital Parenting Solution to Protect Families Online

McAfee strengthened its partnership with Türk Telekom, the leading information and communication technologies company in Turkey, to provide a security solution to help parents protect their family’s digital lives. Powered by McAfee’s Safe Family, fixed and mobile broadband customers will have the option to benefit from robust parental controls that will help provide parents with the confidence they need to better manage their children’s online experience.

“As the threat landscape continues to evolve in both speed and sophistication, we understand that consumers can feel at a loss when navigating the online security space. That’s why we are working diligently with our partners to create solutions for more than half a billion customers to address real world digital security challenges. From safeguarding the connected home to protecting against contemporary attacks such as cryptojacking, we’re enabling our customers to protect what matters to them by delivering the peace of mind needed to connect with confidence. Our partners share our belief that security must be built in from the start and prioritized to canvass all devices and networks,” said Terry Hicks, McAfee’s executive vice president, consumer business group.

McAfee’s Mobile Threat Report 2019

McAfee’s Mobile Threat Report 2019 reveals that while 2018 was the year of mobile malware, 2019 is shaping up to be the year of everywhere malware. Cybercriminals are looking for ways to maximize their income, and shift tactics in response to changes in the market. As the value of cryptocurrencies drops, they shift away from cryptomining. App stores are getting better at finding and deleting malicious apps, so cybercriminals bypass the stores and go directly to consumers. As the mobile platform remains a key target for ransomware developers, identity thieves and nation states, it is imperative to maintain diligence when considering which apps to install or following any link.

The McAfee Mobile Threat Report 2019 highlights the following mobile trends:

  • Increase in popularity of fake apps – Fake apps are and will be one of the most effective methods to trick users into installing suspicious and malicious applications on Android devices. With more than 200 million players globally, Fortnite has taken the world by storm and over 60 million people have downloaded the app, leading to several fake apps pretending to be various versions of the game.
  • Letting them inside with mobile backdoors – With smartphones connected to and controlling multiple items in people’s homes, cybercriminals are looking for new ways to trick users into letting them inside. While not new, in 2018 we saw the impact that TimpDoor, becoming the leading mobile backdoor family by more than 2x and showing how phishing over SMS is still effective to trick users into installing unknown applications.
  • Continued financial threats spike globally – A global spike in banking Trojans on mobile devices has continued, targeting account holders of large multinational and small regional banks. Cybercriminals continue to innovate in different distribution vectors for this threat, from phishing SMS messages to applications with real functionality that gets its malicious payload to bypass security checks on app marketplaces.
  • Mobile cryptomining – Cyber criminals are looking to find ways to add value to their digital wallets without the cost of doing their own mining. The popularity of Android-based devices not only makes them a prime target, but the latest cryptomining technique can jump from phone or tablet to smart TV to infect your entire environment.
  • Spyware attacks spike on mobile – From Operation RedDawn, targeting North Korean defectors, and FoulGoal, possibly targeting Israeli FIFA World Cup fans, mobile devices remain an attractive target of nation state actors to gather intelligence and track victims.
  • Increased risk of IoT attacks at home – The increasing proliferation of IoT devices are bringing conveniences that we could have never imagined, but they are also increasing the number of possible points of attack in our homes.

McAfee at Mobile World Congress

At Mobile World Congress, McAfee (Hall 5 Stand 5A21), will run demos of McAfee Secure Home Platform, McAfee Mobile Security, McAfee Gamer Security, McAfee MVISION Cloud and McAfee MVISION Mobile.

About McAfee

McAfee is the device-to-cloud cybersecurity company. Inspired by the power of working together, McAfee creates business and consumer solutions that make our world a safer place.

McAfee technologies’ features and benefits depend on system configuration and may require enabled hardware, software, or service activation. No computer system can be absolutely secure. McAfee® and the McAfee logo are trademarks of McAfee, LLC or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others.

Also see:

In 2019 the Threat is “Everywhere Malware”, Not just Mobile Malware

By Raj Samani on Feb 26, 2019

This time last year, we said that 2018 would be the year of mobile malware.

Today at MWC, we’re calling 2019 the year of everywhere malware.

In their quest for profit, criminals are constantly forced to shift their tactics and adapt to a changing mobile market. Take crypto-mining, for example. A year ago this was a relatively hassle-free way of making money. But the bottom dropped out of the crypto-currency market over the course of 2018. Now it’s not as lucrative, so we witness more aggressive forms of ransomware that make payment more likely.

Our latest Mobile Threat Report has revealed a huge increase in backdoors, fake apps and banking Trojans. Hidden apps are being exploited as quickly as app stores can take them down and adversaries are adapting and developing new threats. The number of attacks on other connected things is growing too – your voice assistant might even be letting criminals into your home. And smartphones, of course, remain a prime target.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.