On Tuesday McAfee pointed out the obvious in its first-ever "Mobile Security: McAfee Consumer Trends Report": that Google Play houses "risky" apps. The security firm also reports that cyber-criminals like to prey on children by luring them with links to popular apps listed in non-Google Play stores, only to serve up a plate full of malware instead.
According to McAfee, 75-percent of malware-infected apps downloaded by the McAfee user base were acquired from Google Play, showing that criminals are going to great lengths to insert attacks into trusted sources. That's a frightening thought considering that McAfee customers are apt to be more security conscious than the average consumer.
"The average consumer has a one in six chance of downloading a risky app," McAfee said. "Nearly 25-percent of the risky apps that contain malware also contain suspicious URLs, and 40 percent of malware families misbehave in more than one way."
McAfee defines a "risky" app as one that steals personal information (banking, email etc.) and combines that with the location data to compile a complete picture of the victim. A "risky" app also perpetuates fraud like SMS scams that charge your credit card or wireless bill without prior approval. It also abuses a device by making it part of a criminal bot network, which allows someone to remotely control your phone.
The report also states that mobile drive-by attacks, which were first spotted last year, will increase in 2013. These will fool mobile devices owners into downloading a malicious app without knowing it. Once the app is opened, the hacker gains access to the device.
McAfee also reports that hackers will begin to take full advantage of the new NFC technology this year. This tech is handy in making quick payments at the counter, or wirelessly exchanging photos or other media with friends with compatible devices. But hackers see another use for NFC, executing a sinister "bump and infect" attack to distribute malware.
"This scam uses worms that propagate through proximity," the report states. "The distribution path can quickly spread malware through a group of people such as in a passenger-loaded train or at an amusement park. When the newly infected device is used to “tap and pay” for the next purchase, the scammer collects the details of the wallet account and secretly reuses these credentials to steal from the wallet. Worm malware like this will spread by exploiting vulnerabilities on devices. This development would monetize the 11.8-percent of malware families that already contain exploit behaviors."
McAfee provides the full report in PDF format here. The firm also provides tips on how to stay safe from mobile threats which are listed here.