Legitimate apps used for 2014 mobile malware push, reveals McAfee

The manipulation of legitimate mobile apps and services played a key role in the expansion of mobile malware, says McAfee

The manipulation of legitimate mobile apps and services played a key role in the expansion of mobile malware at the start of 2014, the latest report from security firm McAfee reveals.

Some 79% of sampled clones of the Flappy Bird game contained malware, according to the McAfee Labs Threats Report: June 2014.

Through these clones, attackers were able to make phone calls without user permission, install additional apps, extract contact list data, track geo-location and establish root access for uninhibited control over anything on the device, the report revealed.

The report highlights the need for mobile app developers to be more vigilant about the security of their apps and encourages users to be mindful when granting permission requests that criminals could exploit for profit.

McAfee Labs saw notable examples of mobile malware that take advantage of the features of trusted apps and services, including Android/BadInst.A, Android/Waller.A and Android/Balloonpopper.A.

Android/BadInst.A is a malicious mobile app that abuses app store account authentication and authorisation to automatically download, install and launch other apps without user permission.

Android/Waller.A is a Trojan that exploits a flaw in a legitimate digital wallet service to commandeer its money-transfer protocol and transfer money to the attacker’s servers.

Android/Balloonpopper.A is another Trojan that exploits an encryption method weakness in the popular messaging app WhatsApp, allowing attackers to intercept and share conversations and photos without users’ permission.

“We tend to trust the names we know on the internet and risk compromising our safety if it means gaining what we most desire,” said Vincent Weafer, senior vice-president for McAfee Labs.

“The year 2014 has already given us ample evidence that mobile malware developers are playing on these inclinations, to manipulate the familiar, legitimate features in the mobile apps and services we recognise and trust,” he said.

Weafer said developers need to be more vigilant with the controls they build into apps, and users need to be more mindful of what permissions they grant.

Each quarter, the McAfee Labs team of 450 multi-disciplinary researchers in 30 countries follows the complete range of threats in real time, identifying application vulnerabilities, analysing and correlating risks, and enabling instant remediation to protect enterprises and the public.

According to the latest report, McAfee Labs’ database of mobile malware samples grew by 167% between the first quarter of 2013 and the first quarter of 2014.

Analysis revealed that new malicious signed binaries remain a popular form of attack, increasing by 46% in the first quarter of 2014.

New threats attacking the master boot record increased by 49% in the first quarter, reaching an all-time high for a single quarter.

Ransomware sample counts have dropped for three straight quarters, but McAfee Labs saw botnet providers include virtual currency mining capabilities with their services, reflecting the increasing popularity of digital currencies such as Bitcoin.
