Login
Recently, news broke that over 300,000 Android users downloaded supposed banking apps from the Google Play Store loaded with trojans. These malicious apps managed to outwit the store’s security checkpoints to install malware on the unsuspecting users’ devices. It is more important than ever to stay vigilant about mobile security.
The crafty hackers behind this threat disguised their trojans as commonly searched-for apps, such as QR code scanners, fitness apps, and other popular utilities. The malicious code within these apps is specifically designed to steal banking information, record keystrokes as users enter their account details, and capture screenshots of activities carried out on the phone.
The unique feature of this malware is that it only initiates its harmful activities after being installed. Whether or not the user is aware of the malware’s presence can vary. For the malware to trigger, it needs an additional step, often an in-app update that’s not through the Play Store. This update then downloads the malware payload onto the device. In numerous instances, the counterfeit apps force users into accepting this update once the app is downloaded.
While the apps originally found on the Play Store may not have contained malware in their code, they serve as a delivery system for the payload from other servers after being installed on a user’s device. This discrete method of operation is one of the reasons these harmful apps have managed to escape detection.
The evolving threat highlights the necessity of scrutinizing app permissions and being cautious of in-app prompts, especially if they deviate from the standard update processes provided by reputable app stores. As the malware landscape evolves with increasingly sophisticated tactics, understanding these threats and adopting proactive security measures is crucial for safeguarding the integrity of our digital devices and personal data.
→ Dig Deeper: McAfee 2023 Threat Predictions: Evolution and Exploitation
Smartphones are enticing targets for hackers. They contain personal information and photos, banking and other payment app credentials, and other valuable data that hackers can exploit. The smartphone’s other features—like cameras, microphones, and GPS—can offer hackers even more invasive capabilities.
Once a smartphone is compromised, a hacker can hijack social media, shopping, and financial accounts; drain wallets by racking up app store purchases or interfering in payment apps; and even read text messages or steal photos. Understanding the nature of these threats, it is essential for users to take protective measures.
→ Dig Deeper: McAfee 2023 Consumer Mobile Threat Report
Mobile applications have become an integral part of our lives, so the responsibility of app developers to ensure security is paramount. Users entrust these apps with their personal information, from contact details to financial data, making it imperative for developers to prioritize security throughout the entire app development process.
One of the primary responsibilities of app developers is to implement secure coding practices. This entails writing code that guards against vulnerabilities and potential exploits. Developers can significantly reduce the risk of security breaches by incorporating measures like robust authentication systems, data encryption, and secure data transmission protocols. Additionally, regular security audits and testing are essential to identify and rectify vulnerabilities promptly.
App developers must also be vigilant when it comes to user data protection. This involves not only securely storing sensitive information but also safeguarding it during transmission. Properly managing app permissions is another key aspect of ensuring user data privacy. Developers should request only the permissions necessary for an app’s core functionality and explain clearly to users why certain permissions are required.
To complete the discussion, app developers play a pivotal role in safeguarding user data and overall digital security. By adhering to secure coding practices, conducting regular security assessments, respecting user privacy, and responding swiftly to vulnerabilities, developers contribute to a safer and more trustworthy mobile app ecosystem. Ultimately, their commitment to security not only protects users but also upholds the integrity of the apps they create.
McAfee Pro Tip: App developers can only protect you if you download their applications from reputable app stores like Google Play and App Store. Downloading third-party applications can increase your risk of getting malware. Know more about third-party apps.
How do these harmful apps work? By presenting themselves as legitimate applications, they can sneak onto your phone and gain wide-ranging permissions to access files, photos, and functionalities. Alternatively, they may slip in code that enables hackers to gather personal data. This can result in various issues, from annoying popup ads to the loss of valuable identity information.
Some recent instances of such malicious apps include ad-blocking programs that serve up ads instead, VPN apps that charge subscriptions but provide no protection, and utility apps that misuse system privileges and permissions, further endangering users.
To avoid falling victim to such malicious apps, there are preventive steps you can take.
While major app marketplaces like Google Play and Apple’s App Store aim to eradicate malware from their platforms, hackers, being the persistent intruders they are, can find ways around these measures. Hence, extra vigilance on your part is essential. Below are some steps to help fortify your digital security:
Be wary of apps asking for unnecessary permissions, like simple games wanting access to your camera or microphone. Read the permissions list before downloading any app. If you find an app asking for more than it should need, it may be a scam. Delete it, and find a legitimate counterpart that doesn’t request for these invasive permissions.
Apps prompting you for immediate in-app updates can be a red flag. Typically, the app version you download from the store should be the most recent and not require an immediate update. Always update your apps through the app store, not the app itself, to avoid malware attacks.
Don’t download without researching the app first. Check the developer’s track record – have they published other apps with many downloads and good reviews? Malicious apps often have few reviews and grammatical errors in their descriptions. Stay alert for these signs.
Recommendations from trusted sources or reputable publications are often reliable as these sources have done the vetting for you. This method saves you time and ensures the app’s credibility.
Stick to Google Play and Apple’s App Store, which vet apps for safety and security. Third-party sites might not have a robust review process, and some intentionally host malicious apps. Google and Apple are quick to remove malicious apps once discovered, ensuring an added layer of safety.
Given the amount of data and information we store on our phones, having security software is just as crucial as having one on our computers and laptops. Whether you opt for comprehensive security software that safeguards all your devices or a specific app from Google Play or Apple’s iOS App Store, you’ll benefit from enhanced malware, web, and device security.
Updating your phone’s operating system is as important as installing security software. Updates often contain patches to fix vulnerabilities that hackers exploit to execute malware attacks. Therefore, regular updates are a necessary measure to keep your phone secure.
→ Dig Deeper: How Do I Clear a Virus From My Phone?
Staying vigilant and proactive against mobile malware is integral to maintaining your digital security. You can significantly ward off potential threats by scrutinizing app permissions, being wary of in-app updates, critically reviewing apps, trusting strong recommendations, avoiding third-party app stores, installing security software like McAfee Mobile Security, and updating your phone’s OS. Remember, a few moments spent on these precautions are minimal compared to the potential costs and consequences of a hacked phone.
The post Before You Download: Steer Clear of Malicious Android Apps appeared first on McAfee Blog.
By 2030, experts predict that there will be 5 billion devices connected to 5G.1 For the general population, this connectedness means better access to information, communication with far-flung loved ones, greater convenience in everyday tasks … and more hours devoted to everyone’s favorite pastime: scrolling through funny online videos.
For cybercriminals, this vast mobile population fills their pool of targets with billions. And criminals are getting better at hiding their schemes, making threats to mobile devices seem nearly invisible.
When undetected, cybercriminals can help themselves to your personal information or take over your expensive mobile device for their own gains. The best way to combat criminals and protect your mobile device is to know their tricks and adopt excellent online habits to foil their nefarious plots.
Here are the tips you need to uncover these four hard-to-spot mobile threats.
Spyware’s main ability is right in the name: it spies on you. Spyware is a type of malware that lurks in the shadows of your trusted device, collecting information about your browsing habits, personally identifiable information (PII), and more. Some types, called key loggers, can keep track of what you type. The software then sends the details and movements it collects about you to the spying criminal. They can then use this information to steal your passwords and waltz into your online accounts or steal your identity.
Malicious downloads are often the origin of spyware getting onto your mobile device. The spyware hides within “free” TV show, movie, or video game online downloads; however, instead of getting the latest episode you’ve been dying to watch, your device gets spyware instead.
Have you visited risky sites recently? Is your device running slowly, overheating, or suddenly experiencing a shorter-than-usual battery life? One or all of these signs could indicate that your device is working overtime running the spyware and trying to keep up with your everyday use.
Safe downloading habits will go a long way in protecting you from spyware. While streaming from free sites is less expensive than paying a monthly membership to a legitimate streaming service, you may have to pay more in the long run to reverse the damage caused by unknowingly downloading spyware. If you’re unsure if the sites you visit are safe, a safe browsing tool like McAfee WebAdvisor will alert you to untrustworthy sites.
Malicious apps are applications that masquerade as legitimate mobile apps but are actually a vessel to download malware onto your mobile device. For example, when Squid Game was all the rage in 2021, 200 apps related to the show popped up on the Google Play store. One of these themed apps claiming to be a wallpaper contained malware.
Similar to spyware, a device infected with malware will overheat, load pages slowly despite a solid Wi-Fi connection, and have a short battery life. Also, you may notice that texts are missing or that your contacts are receiving messages from you that you never sent. Finally, your online accounts may have suspicious activity, such as purchases or money transfers you didn’t authorize.
Avoiding malicious apps requires that you do a bit of research before downloading. Even if you’re using an authorized app store, like Google Play or the Apple Store, apps with hidden malware can pass the vetting process. One way to determine if an app is risky is to look at the quality of its reviews and its number of star ratings. Approach an app with less than 100 ratings with caution. Also, read a few of the reviews. Are they vague? Are they written poorly? Cybercriminals may pad their apps with fake reviews, but they’re unlikely to spend too much time writing well-composed comments. Finally, do a background check on the app’s developer listed in the app description. If they have a criminal reputation, a quick search will likely alert you to it.
Perusing the reviews isn’t a guaranteed way to sniff out a malicious app. In 2020, McAfee discovered that one bad app had more than 7,000 reviews. To help prevent malware from taking hold of your device, consider investing in antivirus software. Antivirus software isn’t just for your desktop. Mobile devices benefit from it, too! McAfee antivirus is compatible with any operating system and offers 24/7 real-time threat protection.
A botnet is a vast collection of malware-infected devices controlled by a cybercriminal. The criminal uses their network of bots to proliferate spam or crash servers.
Malware is a broad term that encompasses dozens of specific strains of malicious software, several of which are capable of recruiting your mobile device to a cybercriminal’s army of bots. Without your knowledge, the criminal can force your phone to message your contact list or divert your device’s computing power to overload a server in a cyberattack.
All the telltale signs of malware are applicable here if your phone is part of a botnet. A botnet commander grants themselves the highest admin access to any device they take over. That means you may also see new apps on your home screen that you never downloaded or messages sent by text, email, or social media direct message that you never wrote.
Criminals recruiting devices to their botnet can embed the necessary malware anywhere malware typically lurks: in fake apps, dubious streaming and file-sharing sites, phishing emails, risky links, etc. The best way to avoid becoming a member of a botnet is to watch what you click on, stay away from risky sites, and treat any message from a stranger with suspicion.
Cybercriminals can conceal their malware within fake software updates that look official. Fake updates often pose as Microsoft updates because of the company’s huge user base. Java and Android operating system updates have also been impersonated in the past.
The common signs of malware apply to fake software updates too. Also, if a fake update was widespread, you’ll likely receive an official correspondence from the software provider issuing a patch.
The best way to avoid being tricked by a fake update is to enable automatic updates on all your devices. When your devices auto-update, you can ignore any pop-up, email, or text that urges you to click on a link to update. Auto-update is a good practice to adopt anyway, as it ensures that you have the latest software, which often means that it’s the most secure.
Another excellent habit that’ll prevent you from compromising your device with a fake software update is to always preview where links will take you. You can do this by tapping and holding the link. Check the hyperlink for typos or for pages that direct away from the organization’s official website.
Cybercriminals are getting craftier by the day, employing new tools (like ChatGPT) and new strains to trick people and infect mobile devices for their own gains. To safeguard all your devices, consider investing in a solution that’ll protect you from every angle. McAfee+ Ultimate is the all-in-one device, privacy, and security service that helps you confidently live your best online life. The proactive monitoring features stop threats in their tracks, saving you a massive headache and guarding your finances and PII. If any online scheme does compromise your identity, the Family Plan offers up to $2 million in identity theft restoration.
Mobile malware doesn’t always scream “suspicious!” As long as you arm yourself with the right tools, practice good habits, and keep your eyes peeled, you should be able to spot malicious software.
1GSMA, “The Mobile Economy”
The post 4 Mobile Malware Threats You Can’t Even See appeared first on McAfee Blog.
It’s hard to imagine a world without cellphones. Whether it be a smartphone or a flip phone, these devices have truly shaped the late 20th century and will continue to do so for the foreseeable future. But while users have become accustomed to having almost everything they could ever want at fingertips length, cybercriminals were busy setting up shop. To trick unsuspecting users, cybercriminals have set up crafty mobile threats – some that users may not even be fully aware of. These sneaky cyberthreats include SMSishing, fake networks, malicious apps, and grayware, which have all grown in sophistication over time. This means users need to be equipped with the know-how to navigate the choppy waters that come with these smartphone-related cyberthreats. Let’s get started.
If you use email, then you are probably familiar with what phishing is. And while phishing is commonly executed through email and malicious links, there is a form of phishing that specifically targets mobile devices called SMSishing. This growing threat allows cybercriminals to utilize messaging apps to send unsuspecting users a SMSishing message. These messages serve one purpose – to obtain personal information, such as logins and financial information. With that information, cybercriminals could impersonate the user to access banking records or steal their identity.
While this threat was once a rarity, its the rise in popularity is two-fold. The first aspect is that users have been educated to distrust email messages and the second is the rise in mobile phone usage throughout the world. Although this threat shows no sign of slowing down, there are ways to avoid a cybercriminal’s SMSishing hooks. Get started with these tips:
Public and free Wi-Fi is practically everywhere nowadays, with some destinations even having city-wide Wi-Fi set up. But that Wi-Fi users are connecting their mobile device to may not be the most secure, given cybercriminals can exploit weaknesses in these networks to intercept messages, login credentials, or other personal information. Beyond exploiting weaknesses, some cybercriminals take it a step further and create fake networks with generic names that trick unsuspecting users into connecting their devices. These networks are called “evil-twin” networks. For help in spotting these imposters, there are few tricks the savvy user can deploy to prevent an evil twin network from wreaking havoc on their mobile device:
Fake apps have become a rampant problem for Android and iPhone users alike. This is mainly in part due to malicious apps hiding in plain sight on legitimate sources, such as the Google Play Store and Apple’s App Store. After users download a faulty app, cybercriminals deploy malware that operates in the background of mobile devices which makes it difficult for users to realize anything is wrong. And while users think they’ve just downloaded another run-of-the-mill app, the malware is hard at work obtaining personal data.
In order to keep sensitive information out of the hands of cybercriminals, here are a few things users can look for when they need to determine whether an app is fact or fiction:
With so many types of malware out in the world, it’s hard to keep track of them all. But there is one in particular that mobile device users need to be keenly aware of called grayware. As a coverall term for software or code that sits between normal and malicious, grayware comes in many forms, such as adware, spyware or madware. While adware and spyware can sometimes operate simultaneously on infected computers, madware — or adware on mobile devices — infiltrates smartphones by hiding within rogue apps. Once a mobile device is infected with madware from a malicious app, ads can infiltrate almost every aspect on a user’s phone. Madware isn’t just annoying; it also is a security and privacy risk, as some threats will try to obtain users’ data. To avoid the annoyance, as well as the cybersecurity risks of grayware, users can prepare their devices with these cautionary steps:
The post Cybercrime’s Most Wanted: Four Mobile Threats that Might Surprise You appeared first on McAfee Blog.
FreshRSS 