Cybercriminals discovered new methods and deployed advanced tactics to defraud mobile users during the pandemic, new research suggests.
A report published by security firm McAfee shows that, despite the fact many people were consigned to their homes, fraudsters redoubled efforts to steal data and financial information from mobile devices, such as smartphones (opens in new tab) and tablets (opens in new tab).
In a previous iteration of the Mobile Threat Report, the company announced that hidden applications posed the greatest threat to mobile users, but attackers have now expanded their arsenal with new billing and banking fraud techniques and more.
- Here's our list of the best iPhone antivirus (opens in new tab) services right now
- Check out our list of the best password managers (opens in new tab) available
- We've built a list of the best Android antivirus (opens in new tab) services around
Many of these attacks use pandemic-related themes to lure victims into clicking malicious links or triggering downloads that provide attackers with both information and, in some cases, control over the infected device.
“We’ve seen how the pandemic not only led to an increased dependence on mobile devices, but how it has prompted bad actors into developing new ways of tricking consumers and stealing their personal data. As well as these advanced forms of malware (opens in new tab) and deceit, we’ve seen that hackers are also returning to billing scams, but using new tricks,” explained Raj Samani, McAfee Fellow and Chief Scientist.
“As consumers continue to carry out daily activities on-the-go, it is critical that they stay educated and proactive about protecting their personal data.”
A common strategy among cybercriminals is to piggyback on newsworthy events, to encourage people to engage with fraudulent emails, SMS messages or applications. Since late last year, the vaccine rollout has acted as the perfect hook.
According to McAfee, attackers capitalized on anxiety surrounding Covid-19 to infect mobile devices with malware that generates revenue by serving up display ads and steals banking information, financial credentials and other personal data.
Analysis of malware trends suggests the vast majority (90%) of all pandemic-related threats took the form of trojans, a type of malware disguised as a legitimate application or service. For example, hackers created fake vaccination registration apps that demand access to SMS messages, spreading themselves further via the victim’s contact book.
Worryingly, some fraudulent applications were also distributed via official application stores, such as Google Play. In one particular instance, a series of applications masquerading as creative software were downloaded by 700,000 Android users before the threat was detected and addressed. The campaign saw victims infected with billing fraud malware capable of signing up to premium subscription services without the person’s knowledge or consent.
McAfee also registered a 141% increase in banking trojans between Q3 and Q4 2020, attributed in large part to the release of Cerberus source code, which gave rise to a number of imitation malware strains. This trojan family is known to intercept SMS messages and 2FA codes, as well as stealing financial details using overlays that sit atop banking and shopping applications.
Gazing into its crystal ball, McAfee believes this year will be characterized by “sneak attacks” and malware that abuses misinformation to gain a foothold. These attacks will be underpinned by new techniques developed by threat actors that make identifying malware infections all the more challenging.
To shield against mobile malware attacks, users are advised to download content from official app stores exclusively and to research the developer, to find out what other users have to say. Other strategies include protecting devices with antivirus (opens in new tab) software, ensuring all applications remain as up to date as possible and exercising caution when applications ask for new access permissions.
- Here's our list of the best endpoint protection (opens in new tab) services right now