What’s the future of cybercrime? In short, it’s mobile devices. That’s the new target for cybercriminals, and their attacks are getting more sophisticated. One of the biggest innovations in mobile technology is mobile banking, and cybercriminals are right on top of it with new ways to get into your account and hack other vital information, says a new report from McAfee Labs.
“In today’s digital world, we use our smartphones for just about everything, so the idea of paying with your mobile device sounds fun and convenient. That is until a cybercriminal unleashes a near field communication (NFC) hack while you’re sitting on the bus on the way to work or standing in line at an amusement park,” says Lianne Caetano, director of mobility product marketing at McAfee, in a post about the report. “An NFC attack deploys viruses that disseminate through proximity to quickly spread malware through a crowd, a process the McAfee Labs team calls ‘bump and infect.’ Once the malware infects a device, the scammer collects the details associated with your digital wallet account and secretly reuses these credentials to steal your money.”
Caetano said NFC attacks are just one of several types of mobile scams that are expected to proliferate in 2013. As the smartphone market explodes, and the devices become capable of more important transactions, the hacks are becoming more sophisticated, destructive and difficult to spot.
In its newly released Mobile Security: McAfee Consumer Trends Report, McAfee Labs identified and analyzed a variety of mobile security threats. Here are two of the most common.
Bad Apps. Cybercriminals are going to great lengths to insert bad apps into trusted sources such as Google Play, and using them as the gateway to a multitude of mobile hacks. McAfee Labs found that 75 percent of the malware-infected apps downloaded by McAfee Mobile Security users were housed in the Google Play store, and the average consumer has a one-in-six chance of downloading a risky app. About a quarter of these risky apps contain both malware and a suspicious URL capable of generating click fraud or phishing schemes for personal information.
Complex malware. McAfee Labs found that 40 percent of malware misbehaves in more than one way. A complex attack helps criminals achieve success because they are hard to detect and they often take advantage of the specific technologies or vulnerabilities of a mobile device. Malware poses a real threat to consumers and can be very lucrative for criminals.
The chart above shows a broad range of malicious or potentially undesirable attack methods associated with Android malware families from 2007 through 2012. About half of all malicious behaviors are related to either spying, which could mean a criminal is browsing your text message history, or sending handset information, said Caetano.
Caetano said it makes sense to pay attention to the permissions requested by an app and keep an eye on monthly bills to catch premium content fraud quickly. Also, look carefully at the URL or address bar of all websites and apps, as attackers will lure users in by building a web page or link with the common misspelling of a popular page or app. For example, if you’re searching for “example.com” a criminal might build an attack around “exemple.com.”
“The moral of this mobile security story is that it’s time that we all take mobile protection a little bit more seriously,” said Caetano. For more information, download the full report.