McAfee: Google Play Houses ''Risky'' Apps, More

On Tuesday McAfee pointed out the obvious in its first-ever "Mobile Security: McAfee Consumer Trends Report": that Google Play houses "risky" apps. The security firm also reports that cyber-criminals like to prey on children by luring them with links to popular apps listed in non-Google Play stores, only to serve up a plate full of malware instead.

According to McAfee, 75-percent of malware-infected apps downloaded by the McAfee user base were acquired from Google Play, showing that criminals are going to great lengths to insert attacks into trusted sources. That's a frightening thought considering that McAfee customers are apt to be more security conscious than the average consumer.

"The average consumer has a one in six chance of downloading a risky app," McAfee said. "Nearly 25-percent of the risky apps that contain malware also contain suspicious URLs, and 40 percent of malware families misbehave in more than one way."

McAfee defines a "risky" app as one that steals personal information (banking, email etc.) and combines that with the location data to compile a complete picture of the victim. A "risky" app also perpetuates fraud like SMS scams that charge your credit card or wireless bill without prior approval. It also abuses a device by making it part of a criminal bot network, which allows someone to remotely control your phone.

The report also states that mobile drive-by attacks, which were first spotted last year, will increase in 2013. These will fool mobile devices owners into downloading a malicious app without knowing it. Once the app is opened, the hacker gains access to the device.

McAfee also reports that hackers will begin to take full advantage of the new NFC technology this year. This tech is handy in making quick payments at the counter, or wirelessly exchanging photos or other media with friends with compatible devices. But hackers see another use for NFC, executing a sinister "bump and infect" attack to distribute malware.

"This scam uses worms that propagate through proximity," the report states. "The distribution path can quickly spread malware through a group of people such as in a passenger-loaded train or at an amusement park. When the newly infected device is used to “tap and pay” for the next purchase, the scammer collects the details of the wallet account and secretly reuses these credentials to steal from the wallet. Worm malware like this will spread by exploiting vulnerabilities on devices. This development would monetize the 11.8-percent of malware families that already contain exploit behaviors."

McAfee provides the full report in PDF format here. The firm also provides tips on how to stay safe from mobile threats which are listed here.

 

Contact Us for News Tips, Corrections and Feedback

Create a new thread in the Streaming Video & TVs forum about this subject
This thread is closed for comments
12 comments
    Your comment
    Top Comments
  • ALANMAN
    I think McAfee is a crap company. At work I see client PCs with problems associated with McAfee's AV products regularly. Apparently they think everything is a virus; McAfee's products have in more than one instance had an update that blocks all HTTP traffic. The only solutions were uninstall it (gladly) or have the client wait until it's patched.
    11
  • Other Comments
  • ALANMAN
    I think McAfee is a crap company. At work I see client PCs with problems associated with McAfee's AV products regularly. Apparently they think everything is a virus; McAfee's products have in more than one instance had an update that blocks all HTTP traffic. The only solutions were uninstall it (gladly) or have the client wait until it's patched.
    11
  • dalethepcman
    75% were downloaded from google play. To me that says mcafee has a 755 false positive rate. Everything listed here doesn't actually work and is not a threat. This is more scare tactics trying to generate buzz about android being "unsafe" which should in turn generate McAfee revenue.

    Defining a "risky" app as one that steals (uses) personal data and location data. Well that rules out 99.9% of all android and iOS apps as "risky."

    Drive by app installs? Don't turn on third party app installs, your not supposed to unless you know what your doing.

    NFC hacking to distribute malware? I think not. Possibly a NFC "hack" like putting a fake card reader over a real care reader to steal the data, but not for malware distribution. It would take so long to distribute malware in this fashion that no one would bother.
    -1
  • house70
    Every Android app that I want to install asks about permissions before doing so. For rooted phones, it even states whether it needs root or not. McAfee is full of it, trying to promote their crappy software. Typical. Used to be Windows scare, now it's Android scare.

    I still have to meet someone (anyone) that has an infected Android-based phone.
    0