Is Mobile Malware Playing Hide and Steal on Your Device?

By on Mar 03, 2020

Over the years, we’ve all grown accustomed to using our smartphones and mobile apps to support our lifestyles. We as consumers have developed expectations of how devices can enhance our everyday lives- from online banking transactions to handling work correspondence on the go. But as we become more reliant on our smart devices and apps, hackers use this dependency as an opportunity to gain unwarranted access to our personal data. According to McAfee’s latest Mobile Threat Report, hidden apps are the most active mobile threat facing consumers, generating nearly 50% of all malicious activities in 2019. Let’s dive into these mobile threats and how they could potentially impact your life.

Don’t Let These Mobile Threats Commandeer Your Device

LeifAccess

LeifAccess (also known as Shopper) is an Android-based malware distributed through social media, gaming platforms, and fraudulent advertising. Once installed, this stealthy hides its icon and displays fake security notifications, hoping to trick the user into granting the malware accessibility access. LeifAccess/Shopper has also been found to use third-party logins to cheat app ranking systems and wreak more havoc on victims’ devices. The malware uses the accessibility features in Android to quietly create third-party accounts, automatically download apps from Google Play, and post reviews using names and emails configured from the victim’s device.

According to the Mobile Threat Report, hackers are also tricking users into installing adware onto their devices, redirecting them to a variety of fraudulent ads. Because digital ad revenue is simply based on screens displayed and clicks, hackers are quick to exploit this threat so they can collect fraudulent ad revenue at the expense of unsuspecting users. Due to the volume and speed of the redirects, many consumers don’t even realize that their device is infected or that their data is being collected.

HiddenAds

HiddenAds masquerades as genuine apps like Call of Duty, Spotify, and FaceApp to trick users into downloading them. But once the app is installed on the victim’s device, the app icon changes to one that mimics the Settings icon. When the victim clicks on it, the app displays a fake error message that reads “Application is unavailable in your country. Click OK to uninstall.” However, clicking OK completes the malicious app installation process and then hides the fake Settings icon, making it nearly impossible to find and delete the malware.

MalBus

McAfee researchers also discovered a new targeted attack hidden in a legitimate South Korean transit app. Called MalBus, this new attack method exploits the app developer’s hacked Google Play account. Once the hackers accessed the developer’s account, they added an additional library to the apps and uploaded them to Google Play. Now, MalBus spyware can phish for   with a local webpage that mimics the real Google login screen. Additionally, MalBus can drop a malicious trojan on the victim’s device, searching for specific military or political keywords. If these keywords are found, the victim’s matching files are uploaded to a remote server without their knowledge.

How to Stay Protected

As hackers continue to target consumers through the channels they spend the most time on – their mobile devices – it’s important for users to reflect on the current digital landscape to help protect their data, as well as their family and friends. Follow these security tips to defend against stealthy mobile threats:

  • Do your research. While some malicious apps do make it through the app store screening process, the majority of attack downloads appear to be coming from social media, fake ads, and other unofficial app sources. Before downloading an app to your device, do some quick research about the source and developer.
  • Read app reviews with a critical eye. Reviews and rankings are still a good method of determining whether an app is legitimate. However, watch out for reviews that reuse simple or repetitive phrases, as this could be a sign of a fraudulent review.
  • Update, update, update. Developers are actively working to identify and address security issues. Frequently update your operating systems and apps so that they have the latest fixes and security protections.
  • Use a VPN. A virtual private network, or , allows you to send and receive data across a public network, but it encrypts your information so others can’t read it. This can prevent hackers from spying on your internet activity, therefore protecting your privacy.
  • Keep tabs on your accounts. Use ID monitoring tools to be aware of changes or actions that you did not make. These may have been caused by malware and could indicate that your phone or account has been compromised.
  • Defend your devices with security software. Comprehensive security software across all devices continues to be a strong defensive measure to protect your data and privacy from online threats.

To stay updated on all things McAfee and the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

About the Author

Alan LeFort

Alan LeFort currently serves as VP of Consumer Strategy & Cloud segment at McAfee. Alan is a seasoned security industry leader, who has held both strategic and product leadership roles at global security organizations and ISPs, such as AVG, AT&T Canada and Telus. The security needs of customers and partners is a passion for Alan. ...

Read more posts from Alan LeFort

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to McAfee Securing Tomorrow Blogs