Number of new samples has not reached an all-time high, yet

Jun 24, 2014 11:54 GMT

With mobile devices being so prevalent, cybercriminals have already tapped this market, leveraging vulnerabilities in apps and services in order to claim as many victims as possible.

The June 2014 McAfee Labs Threat Report provides examples of malicious apps abusing Google account authentication and authorization policies on Android.

One of the apps discovered by the researchers would download, install and deploy other software without user consent, exposing users to risks ranging from the extraction of sensitive details to the sending of costly short text messages.

In another example, software retrieved the user name and then asked for authorization on different Google services. Users run the same risk of having additional applications downloaded and installed without their permission.

Popular and reputable mobile applications are also targeted by the criminals, who take advantage of various flaws in order to reach their money-making goals.

The McAfee report describes how a Trojan exploit can reach the victim through seemingly innocent updates for reputable software, only to intercept money transfers from digital wallets and divert them to the attacker’s account.

“We tend to trust the names we know on the internet and risk compromising our safety if it means gaining what we most desire,” said Vincent Weafer, senior vice president for McAfee Labs.

“The year 2014 has already given us ample evidence that mobile malware developers are playing on these inclinations to manipulate the familiar, legitimate features in the mobile apps and services we recognize and trust. Developers must become more vigilant with the controls they build into these apps, and users must be more mindful of what permissions they grant,” he added.

One app used by cybercrooks to attract victims was the Flappy Birds game, which had been cloned at least 300 times. According to McAfee, 79% of the clones were malicious, some of them allowing the cybercriminals to make phone calls without user permission, install additional apps, extract contact list data, and track geo-location.

Moreover, in some cases, the malicious app would establish root access to the device, which allowed unfettered control of all areas.

The amount of malware specifically created for mobile platforms has increased in the past two years, with statistics showing a significant rise in the first quarter of 2014 compared to Q4 2012.

Since the beginning of 2013, mobile devices have become an attractive market for cybercriminals, with the number of malicious apps constantly on the rise. The report shows that in Q4 2013 there were about 650,000 new mobile threats; the figure is now around 750,000.

Compared to the same period of last year, the total number of mobile malware samples has more than doubled (167%), getting close to 4 million.