Sign in with Microsoft

The McAfee Mobile Threats Q1 2020 shows that cybercriminals follow the easy money. Last year Crypto mining was in fashion but now that is worthless it is all about gaining fake ad impressions.

McAfee Mobile Threats Q1 2020 found two new trends

  • A new breed of apps (we presume Android focused as 86.6% of the world uses that) that try to hide themselves to make uninstallation difficult
  • And the take up of fraudulent apps driven by massive AI-generated user reviews

Like all security company reports, the solution is to install its software – and we agree that paid AV security software is a necessity.

Adware turns you into a click farm

Every time you click on an ad someone, somewhere receives a fraction of a cent from the vast advertising network. Malvertising simply means your device serves unwanted advertising resulting in click fraud – but lately, it is also being used to post AI-generated fraudulent reviews from you – a real person.

Leifaccess/shopper is the new threat

  • After installing it hides itself
  • It posts fake reviews for malware apps under your name on Google Play
  • Perpetrates click fraud
  • Download and can install other (malware/adware) apps from Google Play
  • Uses Android’s accessibility features to gain more rights

Hiddenads Malware

The apps are fake versions of well-known apps like Call of Duty or FaceApp but sideloaded from pirate sites.

  • Not from Google Play
  • Hides after installation
  • Perpetrates click fraud
  • Collects user data
  • Can download and install other malware
  • A long haul app – to be used in the future
McAfee Mobile Threats Q1, 2020

Hijack a legitimate app developers app

It is easier to hijack a genuine Google Play app developers account and incorporate malware APIs into the finished app.

For example, Daegu Bus was one of four popular Korean language bus information apps. After the hijack, it include a function to download an innocuous.MOV file that had malware.

It also opens a local web page that mimics the Google login screen. Filled with JavaScript, this page collects the registered user’s email address, pre-fills the page with that email as the username, and then prompts for the password. If successful, the malware then attempts to change the recovery email for the account to an address they control, and then trigger a password recovery event.

  • Drops a malicious Trojan on the device
  • Searches user’s device for specific military and political keywords and exfiltrates files
  • Malware can run commands and download, upload, or delete files

McAfee Mobile Threats Q1 2020 – summary

Last year, cybercriminals and nation-states increased their mobile attacks with a wide variety of methods, from backdoors to mining cryptocurrencies. This year, they have expanded the ways of hiding their attacks and frauds, making them increasingly difficult to identify and remove.

McAfee Mobile Threats Q1, 2020

Cybercriminals follow the quickest and easiest path to money. Click fraud, fake reviews, and malvertising are easy money.

But as mobile devices grow in capacity and usage, they present an increasingly rich and desirable target for spies.

It recommends only using Google Play, reading app reviews (especially if there are masses of positive ones), apply Android security patches and use a good paid AV software.

GadgetGuy runs eSafety articles as a public service.