Over at MWC 2019, McAfee has revealed its latest Mobile Threat Report, which highlights a worrying rise in fake apps and crypto-mining activity. while the security firm believes that 2019 will be the year of ‘everywhere malware’.
We’ll come back to that prediction, but the core observations of the latest Mobile Threat Report were that there was a rapid growth in threats against mobile devices and internet-connected (IoT) gadgets in 2018.
Specifically, McAfee points to the rise of backdoors in mobile apps, banking Trojans, and crypto-mining activity, with over 600 different malicious crypto-mining apps found across 20 app stores.
The most worrying trend highlighted, though, was the growth of straight-up fake apps, with the number McAfee detected rising sharply from 10,000 in June 2018 to almost 65,000 by the end of the year (an alarming 550% increase).
That included fake Fortnite apps, such as some pretending to be beta versions of the mobile game when it was being tested last August. Any highly popular game or piece of software is likely to be used as bait to lure unwary victims, with downloads offered via links outside of the Google Play store. As ever, be very careful about picking up applications from non-official sources.
A fake app can be used as a vehicle to simply deliver ads, or for more nefarious purposes such as installing hidden apps or malware.
Attacks from all fronts?
As we mentioned at the outset, McAfee’s prediction for the future is that while 2018 was effectively the year of mobile malware, 2019 is shaping up to be the year of ‘everywhere malware’.
That means attacks on not just PCs and smartphones, but Internet of Things gadgets, and indeed exploits delivered via voice assistants.
McAfee observes that there are 25 million voice assistants in use across the world, with those devices often connected to other aspects of the smart home, giving control over heating, lights, smart locks and so forth.
The security company notes that the main vectors for compromising IoT gadgets will be routers and smartphones (or tablets), and we’ve certainly seen how vulnerable routers can be with previous botnets such as Mirai (which was used to power some truly colossal DDoS attacks).
Raj Samani, McAfee fellow and chief scientist at McAfee, commented: “Most IoT devices are being compromised by exploiting rudimentary vulnerabilities, such as easily guessable passwords and insecure default settings. From building botnets, to stealing banking credentials, perpetrating click fraud, or threatening reputation damage unless a ransom is paid, money is the ultimate goal for criminals.”
Also at MWC, McAfee revealed the extension of its partnership with Samsung, meaning that the Galaxy S10 will come pre-installed with McAfee VirusScan, as well as Samsung’s Secure Wi-Fi service (which is powered by McAfee’s infrastructure).
MWC (Mobile World Congress) is the world’s largest showcase for the mobile industry, stuffed full of the newest phones, tablets, wearables and more. Winkeys is reporting live from Barcelona all week to bring you the very latest from the show floor. Head to our dedicated MWC 2019 hub to see all the new releases, along with Winkeys’s world-class analysis and buying advice about your next phone.