McAfee Warns Of Mobile Malware Growth And Flappy Bird Clones

McAfee says mobile malware is becoming more prevalent and effective and suggests developers and users need to do more

Smartphone users have been urged to be on the lookout for fake applications and to be more careful when granting certain permissions to apps amid growing instances of mobile malware.

McAfee’s latest Threats Report says that mobile devices are becoming easy targets for attackers pushing more effective malware, with tactics that abuse the popularity, features and vulnerabilities of legitimate apps and services.

“We tend to trust the names we know on the Internet and risk compromising our safety if it means gaining what we most desire,” said Vincent Weafer, senior vice president for McAfee Labs. “The year 2014 has already given us ample evidence that mobile malware developers are playing on these inclinations, to manipulate the familiar, legitimate features in the mobile apps and services we recognise and trust.”

Mobile Malware

Flappy Bird CloneThe most high profile example of this trend is the emergence of numerous clones of the popular game Flappy Bird, following the curious decision by its developer to remove it from official channels in February.

McAfee found that 79 percent of these clones contained malware that could make calls, send texts, extract contact lists, track a device’s location, install additional applications and even establish root access to control just about anything.

“Developers must become more vigilant with the controls they build into these apps, and users must be more mindful of what permissions they grant,” adds Weafer.

McAfee researchers discovered a number of notable examples of mobile malware during the first quarter of 2014, including Android/BadInst.A, which abuses app store account authentication to automatically download, install and launch apps without user permission.

Other instances include Android/Waller.A, a Trojan that exploits flaws in a digital wallet service to redirect funds to an attacker’s servers, and Android/Balloonpopper.A, a Trojan which exploits an encryption method weakness in messaging app WA to intercept conversations.

Other threats

The number of suspicious URLs grew by 19 percent to 18 million, the fourth consecutive quarter of growth and a record for a three month period, while there was also an increase in currency mining activity among botnets as virtual currencies become more popular – although McAfee doubts this is generating much profit for attackers since mining becomes more difficult as more miners join the ecosystem.

Instances of ransomware fell for the third consecutive quarter, but signed malware and master boot record malware remain popular forms of attack.

Finally, the security firm witnessed an increase in the number of Rootkits which has been falling ever since it reached record highs in 2011. This decrease has been attributed to the adoption of 64-bit processors, which make it more difficult to attack the operating system kernel, however such protections are now becoming less effective against organised attackers.

McAfee delayed the publication of this latest report because of Heartbleed, a major flaw in OpenSSL, but has not discussed it this time round because “it’s still too early to fully understand its impact” and will address it next quarter.

Are you a security pro? Try our quiz!