McAfee Warns Of Mobile Malware Growth And Flappy Bird Clones

Smartphone users have been urged to be on the lookout for fake applications and to be more careful when granting certain permissions to apps amid growing instances of mobile malware.

McAfee’s latest Threats Report says that mobile devices are becoming easy targets for attackers pushing more effective malware, with tactics that abuse the popularity, features and vulnerabilities of legitimate apps and services.

“We tend to trust the names we know on the Internet and risk compromising our safety if it means gaining what we most desire,” said Vincent Weafer, senior vice president for McAfee Labs. “The year 2014 has already given us ample evidence that mobile malware developers are playing on these inclinations, to manipulate the familiar, legitimate features in the mobile apps and services we recognise and trust.”

Mobile Malware

The most high profile example of this trend is the emergence of numerous clones of the popular game Flappy Bird, following the curious decision by its developer to remove it from official channels in February.

McAfee found that 79 percent of these clones contained malware that could make calls, send texts, extract contact lists, track a device’s location, install additional applications and even establish root access to control just about anything.

“Developers must become more vigilant with the controls they build into these apps, and users must be more mindful of what permissions they grant,” adds Weafer.

McAfee researchers discovered a number of notable examples of mobile malware during the first quarter of 2014, including Android/BadInst.A, which abuses app store account authentication to automatically download, install and launch apps without user permission.

Other instances include Android/Waller.A, a Trojan that exploits flaws in a digital wallet service to redirect funds to an attacker’s servers, and Android/Balloonpopper.A, a Trojan which exploits an encryption method weakness in messaging app WA to intercept conversations.

Other threats

The number of suspicious URLs grew by 19 percent to 18 million, the fourth consecutive quarter of growth and a record for a three month period, while there was also an increase in currency mining activity among botnets as virtual currencies become more popular – although McAfee doubts this is generating much profit for attackers since mining becomes more difficult as more miners join the ecosystem.

Instances of ransomware fell for the third consecutive quarter, but signed malware and master boot record malware remain popular forms of attack.

Finally, the security firm witnessed an increase in the number of Rootkits which has been falling ever since it reached record highs in 2011. This decrease has been attributed to the adoption of 64-bit processors, which make it more difficult to attack the operating system kernel, however such protections are now becoming less effective against organised attackers.

McAfee delayed the publication of this latest report because of Heartbleed, a major flaw in OpenSSL, but has not discussed it this time round because “it’s still too early to fully understand its impact” and will address it next quarter.

Are you a security pro? Try our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

4 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

5 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

6 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

7 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

10 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

11 hours ago