Mobile malware attacks are becoming more common as cyber criminals increasingly turn their attention towards smartphones – and they’re ensuring that malicious activity is harder to uncover.
According to figures in the newly released McAfee Mobile Threat Report, the total number of detections for different types of mobile malware reached over 35 million during the final quarter of 2019, representing a jump of 10 million detections compared with 2018.
Analysis by researchers at McAfee found that half of these detections were what they class as ‘hidden apps’: malicious applications that, once installed, are designed to completely avoid discovery on the device and are therefore extremely difficult to remove.
The key goal of these applications is to generate money for the attacker, which often comes in the form of the infected device downloading apps and automatically clicking on advertising links in the background, or constantly bombarding the user with pop-up adverts they can’t get rid of.
“There are thousands of apps out there that are actively hiding their processes after installation. Of course, that makes it difficult for people to delete them – so they just bug the hell out of people with invasive adverts and other things. But it’s making money for bad guys, that’s the reality,” Raj Samani, chief scientist at McAfee, told ZDNet.
In order to help bypass security protections offered to Android users by the Google Play Store, cyber criminals are turning towards other channels to help distribute their malicious apps. This often sees attackers use comments below YouTube videos, or links in popular chat apps like Discord, that claim to offer free or cracked versions of well-known applications.
The download pages for these fake applications will use icons, text and imagery of the real app to add authenticity and encourage potential victims to download the malicious software – but then the app will seemingly disappear after installation.
Apps will sometimes just disguise themselves as something under the ‘settings’ menu of the phone, or the app will claim that it can’t be installed in the user’s country – while secretly installing the malware all along.
And because the application is hidden in such a way that the user is unlikely to be able to find it, the malware will drain the phone battery by performing actions that generate ad revenue.
Some attackers are even playing a longer game, slowly performing actions on an infected device over an extended period of time in order to have the lowest chance of the user questioning the suspicious activity.
In order to avoid falling victim to hidden app attacks, it’s recommended that users stick to downloading applications from official channels such as the Google Play Store.
However, while app stores do offer protections, some malicious apps do slip through, so it’s also recommended that users read the reviews of the application – if there are a lot of negative reviews, it could be a sign of a suspicious or malicious app.
It’s also recommended that users apply updates to their mobile operating system and apps when they appear, as this adds the latest security protections to the device.