Watch Out for the MalBus
DEVELOPER ACCOUNTS HACKED
McAfee and the McAfee logo are trademarks or registered trademarks of McAfee LLC or its subsidiaries in the US and other countries.
Other marks and brands may be claimed as the property of others. Copyright © 2020 McAfee LLC
MARCH 2019
What You See is Not What You Get
Malware monetization techniques
You Are the Click Farm
FAKE REVIEWS ARE monetizing cybercrime
Ad Fraud and Fake Reviews
LeifAccess also looks for reviews that match words and phrases related to positive reviews and can give them a five-star rating to boost their visibility and ranking.
Future Threats
LeifAccess can act as an installer for other malware. Data collection and personal privacy will continue to be an ongoing but growing challenge for companies, users, and regulators.
Abusing Accessibility
One of the key features being abused is the ability to automate actions in the graphical interface in the background.
Fake Security Notifications
LeifAccess is known to be distributed via fraudulent advertising and has also been found uploaded to Discord, a chat service for gamers. Fake warnings are used to get the user to activate accessibility services, enabling the full range of the malware’s capabilities.
Ratings and reviews have a significant impact on an app’s ranking, so generating fake reviews is becoming another way of monetizing cybercrime. A new malware family, called LeifAccess or Shopper, takes advantage of the accessibility features in Android to create accounts, download apps, and post reviews.
2020 is predicted to be a year of mobile sneak attacks
50% of all malicious activities in 2019 were from hidden mobile apps
30% increase in hidden apps
This website includes a summary of highlights of our Mobile Threat Report. Download the full version for the comprehensive McAfee Mobile Threat Report.
McAFEE MOBILE THREAT REPORT Q1, 2020
Mobile Malware is Playing Hide & Steal
There is a growing trend for apps to hide themselves, stealing precious resources and data from mobile devices that are the passport to our digital world. The objective of these hidden apps is simple: generate money for the developer. And it is a growing threat, with almost half of all malware on the mobile platform consisting of hidden apps.
HiddenAds telemetry, 2019.
Consider the number of applications on your smartphone today. Which ones are actively used? Which ones are no longer used? While this is a simple check, more important questions often go unanswered. For example, do you know what data each app collects? What they do with the data? Or even who they share it with? Although it may be possible to find answers to some of these questions, chances are some, even most of them, will remain unanswered.
Hidden apps are the most active mobile threat category, generating almost half of all malicious telemetry this year, a 30% increase from 2018. Thousands of apps are actively hiding their presence after installation, making them difficult to locate and remove while annoying victims with invasive ads.
The McAfee Mobile Research team discovered that Daegu Bus was one of four popular Korean-language bus information apps in South Korea to be compromised in this attack. The malware tries to phish for the user’s Google account information, scans the device for sensitive military and political keywords, and uploads any matching documents. These apps, which have provided regional transit information, such as bus stop locations, route maps, and schedule times, for more than five years, have now been removed from Google Play. The infected apps contain an additional library that reaches out to one of several hacked web servers to get a malicious plugin, disguised as a media file with a .mov extension.
Malbus Spyware
What is it? Targeted attack hidden in a legitimate South Korean transit app by hacking the original developer’s Google Play account.
Mobile malware is finding new ways to hide
Still Going for the Easy Money
With the exception of nation-state attacks, most mobile cybercriminals seem to want the quickest and easiest path to money. After trying several different ways of monetizing their efforts over the last few years, click fraud, fake reviews, and malvertising appear to be the easy money. Advertisers pay small amounts for each ad display or click-through, so the trick is to trigger as many fraudulent actions as possible before getting caught. Initially, these malicious apps would act early and quickly, but now they are slowing down, hoping to remain unnoticed.
Read Reviews with a Critical Eye
Reviews and rankings are still a good method of determining whether an app is legitimate. However, watch out for reviews that reuse the same simple phrases, as they are probably an indication of fake reviews pumping up a suspicious or malicious app.
Global LeifAccess Malware Detections 2019
Android-based malware that abuses single sign-on and accessibility services to create accounts and post fake reviews.
Detections Increase
New mobile malware detections by quarter
Total mobile malware detections by quarter
Stay on the App Stores
While some malicious apps do make it through the screening process, the majority of the attack downloads appear to be coming from social media, fake ads, and other unofficial app sources. Before downloading something to your device, do some quick research about the source and developer.
Use Security Software
Comprehensive security software across all devices, whether they are computers, tablets, or smartphones, continues to be a strong defensive measure to protect your data and privacy from cyberthreats.
Update Software
Developers are actively working to identify and address security issues. Both operating systems and apps should be frequently updated so that they have the latest fixes and security protections.
Monitor Your IDs
Use ID monitoring tools to be aware of changes or actions that you did not make. These may have been caused by malware and could indicate that your phone or account has been compromised.
2020 is looking like the year of mobile sneak attacks. Last year, cybercriminals and nation-states increased their mobile attacks with a wide variety of methods, from backdoors to mining cryptocurrencies. This year, they have expanded the ways of hiding their attacks and frauds, making them increasingly difficult to identify and remove.
What to Do
While threat tactics continue to change as criminals adapt and respond to detection and enforcement techniques, there are a few steps users can take to limit their exposure and risk.