Security experts are warning of a rapidly growing threat where cybercriminals are targeting mobile phones to manipulate and quickly profit from them. To make matters worse, their malicious activities are becoming harder to uncover.
As revealed in McAfee’s latest Mobile Threat Report, an estimated five billion users now have mobile phones. Such a large number of users dependent on mobile gadgets makes an attractive target for bad actors.
“Rather (than) guessing or compromising a user’s personal details and passwords, these new threats use sophisticated awareness of how people use their phones in order to manipulate them,” Raj Samani of McAfee wrote in a blog post.
In one example, McAfee found HiddenAds malware was being distributed outside of app stores. Gamers could find these fake apps shared in gaming chat app Discord or via links posted near YouTube videos.
These types of apps typically hide in the background and request advertising to generate profits for the actors.
In another case, a malware family dubbed LeifAccess (or Shopper) uses warning messages to scare users such as “security error should be dealt with immediately.” As a result, users could be tricked into clicking and giving the malware permissions on the phone.
These permissions could then be used to create fake accounts and post positive reviews on various mobile apps. McAfee also found 7,000 fake reviews posted on one app.
“With an increase of 30% from 2018 to 2019, hidden apps now represent almost half of all the malicious activity we detect on mobile,” McAfee added.