With most of the world still anxious about Covid-19 and demand for vaccines high, McAfee’s latest Mobile Threat Report sheds light on how hackers are targeting these fears with bogus apps, text messages, and social media invitations.
According to the report, the researchers found evidence of an SMS worm targeting Indian consumers, forming one of the earliest vaccine fraud campaigns.
Both SMS and WhatsApp messages encouraged users to download a vaccine app and once downloaded, malware sent itself to everyone in the user’s contact list via SMS or WhatsApp.
“As people increasingly spend more time online owing to the pandemic and staying connected on their mobile devices, hackers are cashing into target unsuspecting consumers,” Venkat Krishnapur, vice-president of engineering and managing director, McAfee Enterprise, India, said in a statement.
“With the dramatic increase in threats and cybercriminals exploiting mobile devices, our ongoing effort is to ensure that we protect what is of paramount importance to consumers — their personal data,” Krishnapur added.
Hackers are using mobile malware dubbed Etinu to read SMS messages and extract the information needed to confirm subscriptions to premium-rate services, unknown to the user. Over 700K downloads were reported before being detected and removed.
Once an app harbouring this malware is installed via the Google Play Store, the malware steals incoming SMS messages using a Notification Listener function, the report said.
It can then make purchases and sign up for premium services and subscriptions that get charged to the user’s account, it added.
The report also said that hackers are using banking Trojans to target hundreds of financial institutions around the world.
McAfee Mobile Security detected a 141% increase in Banking Trojan activity between Q3 and Q4 in 2020. Most Banking Trojans are distributed via mechanisms such as phishing SMS messages to avoid Google’s screening process.
As per the report, at the end of 2020 (Q4), the total mobile malware detected by McAfee reached 43 million, with over three million of these detections being new.