In today’s digital world, we use our smartphones for just about everything, so the idea of paying with your mobile device sounds fun and convenient. That is until a cybercriminal unleashes a near field communication (NFC) hack while you’re sitting on the bus on the way to work or standing in line at an amusement park. An NFC attack deploys viruses that disseminate through proximity to quickly spread malware through a crowd, a process the McAfee Labs team calls “bump and infect.” Once the malware infects a device, the scammer collects the details associated with your digital wallet account and secretly reuses these credentials to steal your money.
NFC attacks are just one of several types of mobile scams that the McAfee Labs™ team predicts we’ll see more of in 2013. As the smartphone market explodes, more and more criminals are viewing the mobile platform as an enticing place to conduct their online mischief. This new breed of mobile-focused cybercriminals is exhibiting a greater level of determination and sophistication leading to more destructive, complex hacks that are harder to spot.
In its newly released Mobile Security: McAfee Consumer Trends Report, McAfee Labs analyzed mobile security data from the last three quarters of 2012 to find out what the latest trends in mobile scams really are. Here are two of the top trends identified in the report:
Risky apps are delivery vans for cybercrime tools: Cybercriminals are going to great lengths to insert bad apps into trusted sources such as Google Play because risky apps are the gateway to a multitude of mobile hacks. McAfee Labs found that 75% of the malware-infected apps downloaded by McAfee Mobile Security users, who are apt to be more security conscious than the average consumer, were housed in the Google Play store, and that the average consumer has a one in six chance of downloading a risky app. The research also shows that risky apps are starting to contain hacks with multiple steps. In fact, about 25% of risky apps containing malware also contained a suspicious URL, leading to everything from click fraud to a phishing scheme that causes you to offer up personal information unknowingly.
Quick Tip: Pay attention to the permissions requested by an app and keep an eye on monthly bills to catch premium content fraud quickly.
With malware, it’s complicated: McAfee Labs found that 40% of malware families misbehave in more than one way, showing that the sophistication and determination of the criminals is increasing. A complex attack helps criminals achieve success because they are hard to detect and take advantage of the specific technologies or vulnerabilities of a mobile device. Malware poses a real threat to consumers and can be very lucrative for criminals, especially when it’s complicated.
After looking at Android malware families identified from 2007 through 2012, we found that half of all malicious behaviors are related to either spying, which could mean a criminal is browsing your text message history, or sending handset information.
Mobile malware shows a broad range of malicious or potentially undesirable behaviors
Quick Tip: Look carefully at the URL or address bar of all websites and apps as attackers will lure users in by building a web page or link with the common misspelling of a popular page or app. For example, if you’re searching for “example.com” a criminal might build an attack around “exemple.com.”
These are just a few of the trends identified by McAfee Labs in the report and as we move into 2013 we expect to see the development of even more complex hacks that are difficult for the average consumer to spot.
The moral of this mobile security story is that it’s time that we all take mobile protection a little bit more seriously. For more information, download the full report.