The McAfee Mobile Threats Q1 2020 shows that cybercriminals follow the easy money. Last year Crypto mining was in fashion but now that is worthless it is all about gaining fake ad impressions.
McAfee Mobile Threats Q1 2020 found two new trends
A new breed of apps (we presume Android focused
as 86.6% of the world uses that) that try to hide themselves to make
And the take up of fraudulent apps driven by
massive AI-generated user reviews
Like all security company reports, the solution is to install its software – and we agree that paid AV security software is a necessity.
Adware turns you into a click farm
Every time you click on an ad someone, somewhere receives a fraction of a cent from the vast advertising network. Malvertising simply means your device serves unwanted advertising resulting in click fraud – but lately, it is also being used to post AI-generated fraudulent reviews from you – a real person.
Leifaccess/shopper is the new threat
After installing it hides itself
It posts fake reviews for malware apps under
your name on Google Play
Perpetrates click fraud
Download and can install other (malware/adware) apps
from Google Play
Uses Android’s accessibility features to gain
The apps are fake versions of well-known apps like Call of
Duty or FaceApp but sideloaded from pirate sites.
Not from Google Play
Hides after installation
Perpetrates click fraud
Collects user data
Can download and install other malware
A long haul app – to be used in the future
Hijack a legitimate app developers app
It is easier to hijack a genuine Google Play app developers
account and incorporate malware APIs into the finished app.
For example, Daegu Bus was one of four popular Korean language
bus information apps. After the hijack, it include a function to download an
innocuous.MOV file that had malware.
It also opens a local web page that mimics the Google login
address, pre-fills the page with that email as the username, and then prompts
for the password. If successful, the malware then attempts to change the
recovery email for the account to an address they control, and then trigger a
password recovery event.
Drops a malicious Trojan on the device
Searches user’s device for specific military and
political keywords and exfiltrates files
Malware can run commands and download, upload,
or delete files
McAfee Mobile Threats Q1 2020 – summary
Last year, cybercriminals and nation-states increased their
mobile attacks with a wide variety of methods, from backdoors to mining
cryptocurrencies. This year, they have expanded the ways of hiding their
attacks and frauds, making them increasingly difficult to identify and remove.
Cybercriminals follow the quickest and easiest path to
money. Click fraud, fake reviews, and malvertising are easy money.
But as mobile devices grow in capacity and usage, they
present an increasingly rich and desirable target for spies.
It recommends only using Google Play, reading app reviews (especially if there are masses of positive ones), apply Android security patches and use a good paid AV software.