Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Mobile

    Fake Mobile Apps Are an Increasing Risk, McAfee Reports

    By
    Sean Michael Kerner
    -
    February 25, 2019
    Share
    Facebook
    Twitter
    Linkedin
      McAfee Mobile Threat Report 2019

      McAfee released its Mobile Threat Report 2019 on Feb. 25, revealing how attackers are increasingly taking aim at mobile users.

      Among the highlights of the 20-page report is data on fake mobile apps that look to trick users into clicking or installing something that leads to data loss and exploitation. According to McAfee Global Threat Intelligence data, there were nearly 65,000 fake app detections in December 2018, up dramatically from only 10,000 in June 2018. McAfee also reported a significant spike in the volume of mobile backdoors that exploit users–in particular, the Timpdoor family of backdoor malware.

      “The growth of Timpdoor has been just nuts. In December, there were more than 16,000 infections,” Raj Samani, McAfee fellow and chief scientist at McAfee, told eWEEK.

      In this eWEEK Data Points article, we look at some of the key trends and figures identified in the McAfee Mobile Threat Report for Q1 2019.

      Data Point No. 1: Fake apps are increasingly tricking users.

      Fake apps are mobile applications that aim to look like legitimate apps, but in fact are typically just vehicles for malware delivery. Over the course of 2018, the volume of fake app detection by McAfee grew from fewer than 10,000 a month in January to almost 70,000 in December.

      Data Point No. 2: Backdoor infections are a growing scourge.

      The Timpdoor mobile backdoor is now the most widely deployed mobile backdoor family, exploiting mobile devices and enabling attackers a way into victims’ devices. According to McAfee, Timpdoor is often installed after a user receives an SMS message, directing the user to install something not found in the Google Play store.

      Timpdoor was nonexistent at the beginning of 2018, but by December, McAfee reported almost 16,000 detections in that month alone.

      Data Point No. 3: Financial Trojans continue to be a mobile threat.

      Financial Trojans are a specific type of mobile malware that aims to steal a victim’s financial institution credentials. The financial Trojans are often installed in the same manner as other forms for fake applications, with an SMS message that directs users to download something outside the main app store.

      According to McAfee, from June to September 2018, there was a 200 percent increase in the volume of financial Trojans that it detected.

      Data Point No. 4: Nation-states realize the value of attacking mobile users.

      As mobile use has grown, mobile devices have become an attractive target for nation-state attackers looking to target users. McAfee identified multiple targeted attacks against mobile devices in 2018, among them Operation RedDawn, which targeted North Korean defectors.

      “The richness of data that can be collected makes mobile devices an attractive target of nation-state actors looking to spy on dissidents or other groups of interest,” Gary Davis, chief consumer evangelist at McAfee, wrote in the report.

      Data Point No. 5: Mobile cryptomining is still a risk.

      Unauthorized cryptocurrency mining operations that consume bandwidth and compute cycles on mobile devices remained an issue in 2018, even as the overall value of many cryptocurrencies declined.

      “Recently we have seen the see-saw between ransomware vs crypto-mining tip the balance toward extortion,” Samani wrote in the report. “However, rather than focus on the ups and downs of crypto-mining, which will likely show fluctuations in line with the price of various currencies, we need to acknowledge that crypto mining is very much an active threat vector on the mobile platform.”

      Data Point No 6. IoT devices are a risk, but there are some bright spots.

      The use of internet of things (IoT) devices extends the attack surface that can be exploited. While there has been no shortage of IoT vendors leaving devices at risk, Samani highlighted one vendor in particular that was very responsive at fixing issues that McAfee discovered.

      Samani noted that McAfee recently discovered a vulnerability in the BoxLock smart padlock that could have potentially exposed users to risk.

      “We anticipate vulnerabilities in consumer IoT devices and in this particular one, it was the user role that was implemented for the Bluetooth Low Energy component,” Samani told eWEEK. “The remarkable thing is we contacted them and within a week, they not only took our information and analyzed it, but they also determined a fix, tested it and rolled it out into production.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×