When it comes to security, mobile threats are on the rise, according to the June 2014 McAfee Labs Threat Report released today. New mobile malware has increased for five straight quarters, with a total mobile malware growth of 167 percent in the past year alone. Total mobile malware has increased steadily since the first quarter of 2012.
“The one shining light is that we’re focusing on the mobile network,” says Raj Samani, CTO for McAfee EMEA, in reference to the report. “Criminals are focusing on the mobile platform. We’re going to see more issues with regards to malicious apps.”
Overall, security threats are also growing with 200 new threats every minute, the report states. In addition to 2.4 million new samples of mobile malware, 2013 also brought 1 million new unique samples of ransomware, 5.7 million new malicious signed binaries, and 2.2 million new MBR-attack-related samples.
Beyond the numbers, here are three important takeaways from the report:
Beware of Flappy Bird clones. McAfee uses the example of Flappy Bird to highlight the dangerous combination of social engineering and popular mobile games. After the original Flappy Bird app was pulled from app stores in February 2014, a “flock of malevolent ‘Flappy Bird’ clones” was created to meet the soaring demand for the app, according to the report. McAfee Labs sampled 300 of these Flappy Bird clones and found that 79 percent of them contained malware. This malware could be used to make calls, install additional apps, send and receive SMS messages, extract contact data, track geo-location, and establish root access, which would allow uninhibited control of the mobile app. (Playing Flappy Bird starts to sound far less appealing with these kinds of risks). Samani says that this is a good example of why consumers should be suspicious of free, third-party apps. “There has to be a return on investment in some way shape or form,” he explains. “If I give away a free app, why is it free?”
Botnet mining, especially on mobile devices, isn’t profitable. With the rise of virtual currencies like Bitcoin, it’s not surprising that there has also been a rise in the number of botnets with virtual currency-mining functionality. This means that the botnet owners can mine virtual currency, without the knowledge of the owner of the infected device. After studying the profitability of these mining botnets, McAfee describes them as a “futile effort,” thanks to difficulty level of common mining algorithms and the non-specialized hardware that the malware is infecting. Profitability is even less on mobile platforms, yet the report states that virtual currency mining via botnets “has moved into the mainstream,” driven by a desire for any and all profit.
Mobile malware is attacking apps and services. While mobile malware traditionally attacks standard mobile platforms, malware developers have recently started abusing vulnerability in apps and services. Examples in the McAfee report include malware that abuses Google account authentication, obtains money through Google Wallet, and takes advantage of encryption weakness in the popular messaging app, WhatsApp. Because of this, the report states that protecting mobile platforms is not enough. Developers need to work harder to protect apps and services, and consumers also need to be more careful when granting app permission requests. Samani notes that most people don’t even read app permissions, much less make informed decisions based on that information.
Overall, the take-away from this report is similar to most cyber security reports that have come out this year, with the added focus on mobile threats. Cyber threats are rising, and businesses and consumers need to be more alert and take greater precautions. “The reality is that for criminals, cyber is the new battleground,” says Samani. He notes that while our five senses often prepare us for physical danger, we can’t rely on our senses in the digital world. “As consumers we need to take steps and measures to make sure we don’t click on the link. If we’re downloading apps, we need to permissions. A lot of it is common sense.”