McAfee: A Year of Lockdown Sees Surge in Mobile Malware

McAfee’s Advanced Threats Research team released its Mobile Threat Report 2021, which found hackers are using fake apps, Trojans and fraudulent messages to target consumers.

Last year, McAfee revealed that hidden apps were the most active mobile threat facing consumers. But following a year of lockdowns and a surge in time spent online and on devices, fraudsters are capitalizing on this with more approaches.

With most of the world still anxious about COVID-19 and demand for vaccines high, McAfee’s research sheds light on how hackers are targeting these fears with bogus apps, text messages, and social media invitations.

“The pandemic changed the way consumers live, meaning hackers have adapted to switch up the various methods they use to target consumers. With more people connected online than ever before, we want to make sure we are doing everything possible to help refocus consumers’ digital mindsets to protect what matters to them and their friends and family – their personal data,” Judith Bitterli, SVP, Consumer Business Group at McAfee. “Mobile threats remain prevalent in our world and as fraudsters use more advanced methods, this will only continue. We aim to support consumers in safeguarding their personal devices and more importantly, personal data.”

Over the past year, the vaccine rollout has advanced at different rates across the globe, providing plenty of opportunities for hackers. McAfee Advanced Threat researchers found hackers are hiding malware and malicious links inside fake vaccination appointments and registration display ads.

These have the potential to download malware onto a person’s device that displays unwanted ads, as well as activating accessibility features to give the hacker full device control, with the goal of stealing banking details and credentials.

According to the research, some of these campaigns started as early as November last year, before any vaccines had been approved, while others continue to appear as countries roll out their vaccination programs in the fight against COVID-19.

“We’ve seen how the pandemic not only led to an increased dependence on mobile devices, but how it has prompted bad actors into developing new ways of tricking consumers and stealing their personal data. As well as these advanced forms of malware and deceit, we’ve seen that hackers are also returning to billing scams, but using new tricks,” said Raj Samani, McAfee Fellow and Chief Scientist. “As consumers continue to carry out daily activities on-the-go, it is critical that they stay educated and proactive about protecting their personal data.”

The latest McAfee Mobile Threat Report 2021 highlights these mobile threat trends:

  • COVID-related malware – According to the McAfee COVID-19 Dashboard, more than 90 percent of all pandemic-related malware took the form of Trojans. McAfee researchers found evidence of an SMS worm targeting Indian consumers, forming one of the earliest vaccine fraud campaigns. SMS and WhatsApp messages encouraged users to download a vaccine app and once downloaded, malware sent itself to everyone in the user’s contact list via SMS or WhatsApp.
  • Billing fraud malware that makes purchases behind the backs of consumers – McAfee researchers uncovered new information on mobile malware dubbed Etinu. Targeting users in Southwest Asia and the Middle East predominately, Etinu was found being distributed via Google Play, with more than 700,000 downloads before being detected and removed. Once an app harboring this malware is installed via the Google Play Store, the malware steals incoming SMS messages using a Notification Listener function. It can then make purchases and sign up for premium services and subscriptions that get charged to the user’s account.
  • Hackers are using banking Trojans to target hundreds of financial institutions around the world – McAfee Mobile Security detected a 141 percent increase in Banking Trojan activity between Q3 and Q4 2020. Most Banking Trojans are distributed via mechanisms such as phishing SMS messages to avoid Google’s screening process. During its research, McAfee discovered Brazilian Remote Access Tool Android (BRATA) – a popular banking Trojan – that managed to get onto the Google Play store and as a result, tricked thousands of users into downloads.