Android-based malware grew 35% in the second quarter, a growth rate not seen since early 2012, finds to the latest McAfee Threats Report.
This rebound was marked by the continued proliferation of SMS-stealing banking malware, fraudulent dating and entertainment apps, weaponized legitimate apps and malicious apps posing as useful tools.
McAfee Labs registered twice as many new ransomware samples in Q2 as in Q1, raising the 2013 ransomware count higher than the total found in all previous periods combined.
The second quarter also saw a 16% increase in suspicious URLs, a 50% increase in digitally-signed malware samples, and notable events in the cyber-attack and espionage areas, including multiple attacks on the global Bitcoin infrastructure and revelations around the Operation Troy network targeting US and South Korean military assets.
McAfee Labs researchers identified a set of common mobile strategies employed by cybercriminals to extract money and confidential information from victims:
- Banking Malware. Many banks implementing two-factor authentication require customers to log into their online accounts using a username, password and a mobile transaction number (mTAN) sent to their mobile device via a text message. McAfee Labs researchers identified four significant pieces of mobile malware that capture the traditional usernames and passwords, and then intercept SMS messages containing bank account login credentials. The malicious parties then directly access accounts and transfer funds.
- Fraudulent Dating Apps. McAfee Labs discovered a surge in dating and entertainment apps that dupe users into signing up for paid services that do not exist. Lonely users attempt to access potential partners’ profiles and other content only to become further frustrated when the scam is recognized. The profits from the purchases are later supplemented by the ongoing theft and sale of user information and personal data stored on the devices.
- Trojanized Apps. Research revealed the increasing use of legitimate apps altered to act as spyware on users' devices. These threats collect a large amount of personal user information (contacts, call logs, SMS messages, location) and upload the data to the attacker’s server.
- Fake Tools. Cyber criminals are also using apps posing as helpful tools, such as app installers that actually install spyware that collects and forwards valuable personal data.