McAfee Labs today released the McAfee Labs Threats Report: June 2014, revealing mobile malware tactics that abuse the popularity, features, and vulnerabilities of legitimate apps and services, including malware-infested clones masquerading as the popular mobile game Flappy Birds. The report highlights the need for mobile app developers to be more vigilant about the security of their apps, and encourages users to be mindful when granting permission requests that criminals could exploit for profit.
The manipulation of legitimate mobile apps and services played a key role in the expansion of mobile malware at the beginning of 2014. McAfee Labs found that 79 percent of sampled clones of the Flappy Birds game contained malware. Through these clones, perpetrators were able to make phone calls without user permission, install additional apps, extract contact list data, track geo-location, and establish root access for uninhibited control over anything on the device, including the recording, sending, and receiving of SMS messages.
Other examples of trusted mobile app and service features being manipulated for criminal gain include:
- Android/BadInst.A: This malicious mobile app abuses app store account authentication and authorization to automatically download, install, and launch other apps without user permission
- Android/Waller.A: This Trojan exploits a flaw in a legitimate digital wallet service to commandeer its money-transfer protocol and transfer money to the attacker’s servers
- Android/Balloonpopper.A: this Trojan exploits an encryption method weakness in the popular messaging app WhatsApp, allowing attackers to intercept and share conversations and photos without users’ permission
“We tend to trust the names we know on the internet and risk compromising our safety if it means gaining what we most desire,” said Vincent Weafer, senior vice president for McAfee Labs. “The year 2014 has already given us ample evidence that mobile malware developers are playing on these inclinations, to manipulate the familiar, legitimate features in the mobile apps and services we recognize and trust. Developers must become more vigilant with the controls they build into these apps, and users must be more mindful of what permissions they grant.”
Each quarter, the McAfee Labs team of 450 multidisciplinary researchers in 30 countries follows the complete range of threats in real time, identifying application vulnerabilities, analyzing and correlating risks, and enabling instant remediation to protect enterprises and the public.
“With the mobile malware having started recently to use legitimate apps and services to gain unauthorized and criminal access, we urge the public to be highly alert when downloading games, apps and other downloads even from such “trusted” app stores like the Google Play. This can be done by refusing excessive or unfamiliar installation or runtime permission requests. Also by regularly updating apps to fix any security issues, and by avoiding any known unsafe apps,” said Hamed Diab, regional director for McAfee in the Middle East.
Additional Key Findings
- Mobile on the move: McAfee Labs’ “zoo” of mobile malware samples grew by 167 percent between Q1 2013 and Q1 2014
- Suspicious URLs: New suspect URLs set a three-month record with more than 18 million, a 19 percent increase over Q4 2013 and the fourth straight quarterly increase
- Signed malware: New malicious signed binaries remain a popular form of attack, increasing by 46 percent in the first quarter of 2014
- Master boot record malware: New threats attacking the master boot record increased by 49 percent in the first quarter, reaching an all-time high for a single quarter
- Ransomware in repose: Ransomware sample counts have dropped for three straight quarters
- Botnets and currency mining: McAfee Labs saw botnet providers include virtual currency mining capabilities with their services, reflecting the increasing popularity of digital currencies such as Bitcoin
To read the full McAfee Labs Threats Report: June 2014, please visit: http://mcaf.ee/5q3wh
