Cybersecurity company McAfee has said that following a year of lockdowns and a surge in time spent online and on devices, fraudsters are capitalizing on the situation with more approaches, with 2021 shaping up to be a year of ‘malware misinformation and sneak attacks’.
McAfee’s latest Mobile Threat Report finds hackers capitalizing on the pandemic to target unsuspecting consumers.
These include fake apps targeting vaccine registration programs and India and Chile have been most attacked with these campaigns. They also include billing fraud malware that makes purchases behind the backs of consumers. Hackers are also using banking Trojans to target hundreds of financial institutions around the world.
As per the report, more than 90 percent of all pandemic-related malware took the form of Trojans. McAfee researchers found evidence of an SMS worm targeting Indian consumers, forming one of the earliest vaccine fraud campaigns.
Both SMS and WhatsApp messages encouraged users to download a vaccine app and once downloaded, the malware is sent itself to everyone in the user’s contact list via SMS or WhatsApp. The malware behind this is the same family that was involved in India’s ban on the Tik-Tok app in July last year.
Researchers have also uncovered new information on a mobile malware dubbed Etinu. Targeting users in Southwest Asia and the Middle East predominately, Etinu was found to be distributed via Google Play, with more than 700K downloads before being detected and removed. Once an app harboring this malware is installed via the Google Play Store, the malware steals incoming SMS messages using a Notification Listener function. It can then make purchases and sign up for premium services and subscriptions that get charged to the user’s account.
McAfee’s new Mobile Threat Report reveals that 2021 is shaping up to be a year of malware misinformation and sneak attacks
At the end of 2020 (Q4), total mobile malware detected by McAfee reached 43 million, with over three million of these detections being new
Trojans pose one of the biggest threats to consumers this year, accounting for 90 percent of all pandemic-related malware.
Hackers are using mobile malware dubbed Etinu to read SMS messages and extract the information needed to confirm subscriptions to premium-rate services, unbeknown to the user. Over 700K downloads were reported before being detected and removed.
With most of the world still anxious about COVID-19 and demand for vaccines high, McAfee’s research sheds light on how hackers are targeting these fears with bogus apps, text messages, and social media invitations.
“As people increasingly spend more time online owing to the pandemic and staying connected on their mobile devices, hackers are cashing into target unsuspecting consumers. With the dramatic increase in threats and cyber criminals exploiting mobile devices, our ongoing effort is to ensure that we protect what is of paramount importance to consumers – their personal data,” said Venkat Krishnapur, Vice President (Engineering) and Managing Director, McAfee Enterprise, India.
Over the past year, the vaccine rollout has advanced at different rates across the globe, providing plenty of opportunities for hackers. McAfee Advanced Threat researchers found that hackers are hiding malware and malicious links inside fakes vaccination appointments and registration display ads.
These have the potential to download malware onto a person’s device that displays unwanted ads, as well as activating accessibility features to give the hacker full device control, with the goal of stealing banking details and credentials.
According to the research, some of these campaigns worryingly started as early as November last year, before any vaccines had officially been approved, while others continue to appear as countries roll out their vaccination programs in the fight against Covid-19.
“We’ve seen how the pandemic not only led to an increased dependence on mobile devices but how it has prompted bad actors into developing new ways of tricking consumers and stealing their personal data. As well as these advanced forms of malware and deceit, we’ve seen that hackers are also returning to billing scams, but using new tricks,” said Raj Samani, McAfee Fellow, and Chief Scientist.
“As consumers continue to carry out daily activities on the go, it is critical that they stay educated and proactive about protecting their personal data,” Samani added.