McAfee Mobile Study Documents Sophistication of Risky Apps -- Security Today

McAfee Mobile Study Documents Sophistication of Risky Apps

Feb 22, 2013

Mobile platforms have become increasingly attractive to cybercriminals as consumers live more of their digital lives on smartphones and tablets. According to IDC, mobile devices are surpassing PCs as the preferred way to access the Internet, and the number of people using PCs to go online will shrink by 15 million over the next four years, while the number of mobile users will increase by 91 million.1 With the mobile space becoming a more enticing platform for online mischief, the complexity and volume of threats targeting consumers will continue to increase. Using its extensive global threat intelligence network (GTI), McAfee Labs analyzed mobile security data from the last three quarters.

“Despite elevated consumer awareness of threats on mobile platforms, there is still a significant knowledge gap surrounding how and when devices become infected and the level of potential damage,” said Luis Blando, vice president of mobile product development at McAfee. “Cybercriminals are exhibiting greater-levels of determination and sophistication leading to more destructive, multi-faceted hacks that are harder to spot, and thus, warrant a greater-degree of security and vigilance. Our goal in releasing this report is to help consumers understand the risks they face and learn ways they can stay safe and compute with confidence on all of their devices.”

In the report, McAfee Labs identifies the following threats as the most severe existing and new trends consumers will encounter in 2013:

Risky Apps: Cybercriminals are going to great lengths to insert infected apps into trusted sources, such as Google Play, and the risks within each app are becoming more intricate. As a matter of fact, McAfee Labs found that 75 percent of the malware-infected apps downloaded by McAfee Mobile Security users, who are apt to be more security-conscious than the average consumer, were housed in the Google Play store, and the average consumer has a one in six chance of downloading a risky app. Nearly 25 percent of the risky apps that contain malware also contain suspicious URLs, and 40 percent of malware families misbehave in more than one way.

A risky app may allow someone to:

Steal personal information (such as banking, email or wireless account details) and combine that with location data to put together a complete picture of who you are;
Perpetuate fraud, such as an SMS scam, that will charge you without your approval; and
Abuse a device by making it part of a criminal bot network that allows someone to remotely control your phone.

Black Market Activity: Botnet clients, downloaders, and rootkits are generic, useful software sold on black markets as part of software toolkits. Criminals use these to commit premium SMS and click fraud, spam distribution, data theft, or bank fraud – and the complexity of these criminal activities is growing. Commercial criminals are now reusing and recombining these components to devise new, profitable schemes.

Drive-by Downloads: The first, mobile, drive-by downloads were seen in 2012, and we expect these to increase in 2013. On a mobile device, a drive-by download fools a user into downloading an app without knowing it. Once a user opens the app, criminals have access to the device.

Near Field Communication: In 2013, we expect to see criminals abuse the tap-and-pay near field communications (NFC) technology used in mobile payment programs or “digital wallets.” This scam uses worms that propagate through proximity, a process we can call “bump and infect.” The distribution path can quickly spread malware through a group of people, such as in a passenger-loaded train or at an amusement park.

When the newly infected device is used to “tap-and-pay” for the next purchase, the scammer collects the details of the wallet account and secretly reuses these credentials to steal from the wallet. Worm malware like this will spread by exploiting vulnerabilities on devices. This development would monetize the 11.8 percent of malware families that already contain exploit behaviors.

As the mobile space evolves, criminals will look for ways to generate revenue from features only mobile devices have. During 2012, about 16 percent of malware families detected by McAfee attempted to get devices to subscribe to premium SMS messages. In 2013, we foresee an increase in threats that will have users finding out they bought premium apps only when they check their bills.

For a full copy of the "Mobile Security: McAfee Consumer Trends Report" from McAfee Labs, with additional threats, please visit: http://www.mcafee.com/us/resources/reports/rp-mobile-security-consumer-trends.pdf

HID Signs Agreement to Acquire Calmell Group
07/10/2025
HID and ASSA ABLOY Recognized with Renowned Red Dot Award for Innovative Biometric eGate Design
07/09/2025
Security Industry Association Announces Program for 2025 AcceleRISE Conference
07/07/2025
SIA Opens Applications for 2025 Denis R. Hébert Identity Management Scholarship
07/07/2025
Honeywell Makes Strategic Tuck-in Acquisition of Li-ion Tamer
07/01/2025
Defining SASE at the Largest Consumer Electronics Chain in the Nordics
06/26/2025
Elite Interactive Receives Strategic Investment from CIVC Partners
06/26/2025
ProdataKey’s Emergency Response Integrations: Integrated Access Control Made Easy
06/25/2025

Featured

Sustainable Video Solution Delivered for Landmark City of London Office Development

An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now
- Facility Security
DHS to End ‘Shoes-Off’ Travel Policy

Homeland Security Secretary Kristi Noem announced a new policy today which will allow passengers traveling through domestic airports to keep their shoes on while passing through security screening at TSA checkpoints. Read Now
- Airport Security
AI to Help Resolve Non-Emergency Calls Across Utah and Decrease 911 Caller Wait Times

The Utah Communications Authority (UCA), which oversees the state’s next generation 911 technology services, recently announced that public safety answering points (PSAPs) throughout the state plan to implement Motorola Solutions’ Virtual Response technology to automate the receipt and resolution of 10-digit non-emergency line calls in Utah with the help of AI. Read Now
- Government
Report: 2025 Video Surveillance Market Set to Grow After Small Decline in 2024

Novaira Insights has unveiled its latest report, “World Market for Video Surveillance Hardware and Software – 2025 Edition.” The research indicates that the global market for video surveillance hardware and software experienced a slight decline of 0.3% in 2024. This performance fell short of previous forecasts, primarily due to a significant decrease of 7.8% in the Chinese market. Conversely, the rest of the world saw a growth of 4.9%. The global market for video surveillance equipment was estimated to be worth $25.0 billion in 2024. Read Now
- Video Surveillance
Report Reveals Local Governments Face Surge in Ransomware Attacks with Minimal Resources

KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, recently released new research highlighting the critical cybersecurity challenges facing state, local, tribal, and territorial (SLTT) governments. The report details how government organizations have become prime targets for cybercriminals while simultaneously facing severe resource constraints. Read Now
- Government

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Camden CV-7600 High Security Card Readers

Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.
Automatic Systems V07

Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.
Mobile Safe Shield

SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.