Fake Mobile Apps Are an Increasing Risk, McAfee Reports

eWEEK DATA POINTS: McAfee's Mobile Threat Report 2019 provides insight into how mobile threats have changed over the past year, including a spike in the volume of fake apps and backdoor infections, led by Timpdoor.

McAfee Mobile Threat Report 2019

McAfee released its Mobile Threat Report 2019 on Feb. 25, revealing how attackers are increasingly taking aim at mobile users.

Among the highlights of the 20-page report is data on fake mobile apps that look to trick users into clicking or installing something that leads to data loss and exploitation. According to McAfee Global Threat Intelligence data, there were nearly 65,000 fake app detections in December 2018, up dramatically from only 10,000 in June 2018. McAfee also reported a significant spike in the volume of mobile backdoors that exploit users--in particular, the Timpdoor family of backdoor malware.

"The growth of Timpdoor has been just nuts. In December, there were more than 16,000 infections," Raj Samani, McAfee fellow and chief scientist at McAfee, told eWEEK.

In this eWEEK Data Points article, we look at some of the key trends and figures identified in the McAfee Mobile Threat Report for Q1 2019.

Data Point No. 1: Fake apps are increasingly tricking users.

Fake apps are mobile applications that aim to look like legitimate apps, but in fact are typically just vehicles for malware delivery. Over the course of 2018, the volume of fake app detections by McAfee grew from fewer than 10,000 a month in January to almost 70,000 in December.

Data Point No. 2: Backdoor infections are a growing scourge.

The Timpdoor mobile backdoor is now the most widely deployed mobile backdoor family, exploiting mobile devices and giving attackers a way into victims' devices. According to McAfee, Timpdoor is often installed after a user receives an SMS message directing the user to install something not found in the Google Play store.

Timpdoor was nonexistent at the beginning of 2018, but by December, McAfee reported almost 16,000 detections in that month alone.

Data Point No. 3: Financial Trojans continue to be a mobile threat.

Financial Trojans are a specific type of mobile malware that aims to steal a victim's financial institution credentials. Financial Trojans are often installed in the same manner as other forms of fake applications, with an SMS message that directs users to download something outside the main app store.

According to McAfee, from June to September 2018, there was a 200 percent increase in the volume of financial Trojans that it detected.

Data Point No. 4: Nation-states realize the value of attacking mobile users.

As mobile use has grown, mobile devices have become an attractive target for nation-state attackers looking to target users. McAfee identified multiple targeted attacks against mobile devices in 2018, among them Operation RedDawn, which targeted North Korean defectors.

"The richness of data that can be collected makes mobile devices an attractive target of nation-state actors looking to spy on dissidents or other groups of interest," Gary Davis, chief consumer evangelist at McAfee, wrote in the report.

Data Point No. 5: Mobile cryptomining is still a risk.

Unauthorized cryptocurrency mining operations that consume bandwidth and compute cycles on mobile devices remained an issue in 2018, even as the overall value of many cryptocurrencies declined.

"Recently we have seen the see-saw between ransomware vs crypto-mining tip the balance toward extortion," Samani wrote in the report. "However, rather than focus on the ups and downs of crypto-mining, which will likely show fluctuations in line with the price of various currencies, we need to acknowledge that crypto mining is very much an active threat vector on the mobile platform."

Data Point No. 6: IoT devices are a risk, but there are some bright spots.

The use of internet of things (IoT) devices extends the attack surface that can be exploited. While there has been no shortage of IoT vendors leaving devices at risk, Samani highlighted one vendor in particular that was very responsive at fixing issues that McAfee discovered.

Samani noted that McAfee recently discovered a vulnerability in the BoxLock smart padlock that could have potentially exposed users to risk.

"We anticipate vulnerabilities in consumer IoT devices and in this particular one, it was the user role that was implemented for the Bluetooth Low Energy component," Samani told eWEEK. "The remarkable thing is we contacted them and within a week, they not only took our information and analyzed it, but they also determined a fix, tested it and rolled it out into production."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.