According to McAfee, fraudsters are capitalising on the situation with new approaches after a year of lockdowns and a surgre in time spent online and on devices, with 2021 shaping up to be a year of ‘malware misinformation and sneak attacks’.
Hackers are taking advantage of the pandemic to prey on unwary users, according to the McAfee’s newest Mobile Threat Report.
These include fraudulent apps targeting towards vaccine registration programmes, with India and Chile being the most targeted countries. Billing fraud malware is also included, which makes transactions behind the backs of consumers. Hackers are also targeting hundreds of financial institutions around the world with banking Trojans.
According to the report, Trojans made up more than 90% of all pandemic-related malware. Researchers from McAfee discovered evidence of an SMS worm that targeted Indian consumers, resulting in one of the first vaccine fraud campaigns.
Users were lured to download a vaccine app by SMS and WhatsApp messaging, and once done, the malware disseminated itself to everyone in the user’s contact list via SMS or WhatsApp. This malware is from the same family that was responsible for India’s ban on the Tik-Tok app in July of last year. Researchers have also discovered new information about Etinu, a mobile malware. Etinu was discovered being downloaded on Google Play with over 700,000 downloads before being detected and removed, mostly targeting users in Southwest Asia and the Middle East.
According to McAfee’s latest Mobile Threat Report, 2021 will be a year of malware misinformation and sneak attacks.
Total mobile malware detected by McAfee at the end of 2020 (Q4) was 43 million, with over three million of these detections being new.
This year, Trojans are one of the most serious threats to consumers, accounting for 90% of all pandemic-related malware.
With the majority of the globe still concerned about COVID-19 and vaccine demand high, McAfee’s research reveals how hackers are exploiting these anxieties with fake apps, text messages, and social media invitations.
Venkat Krishnapur, Vice President (Engineering) and Managing Director, McAfee Enterprise, India, said “As people increasingly spend more time online owing to the pandemic and staying connected on their mobile devices, hackers are cashing in to target unsuspecting consumers. With the dramatic increase in threats and cybercriminals exploiting mobile devices, our ongoing effort is to ensure that we protect what is of paramount importance to consumers – their personal data,”
The vaccination deployment has progressed at varying rates around the world during the last year, presenting lots of opportunity for hackers. Hackers are hiding malware and malicious links inside bogus vaccination appointments and registration display ads, according to McAfee Advanced Threat researchers.
These have the ability to download malware onto a user’s device that displays unwelcome ads, as well as activate accessibility features on the device to allow the hacker complete control, with the objective of stealing banking details and credentials.
According to the research, some of these campaigns began as early as November last year, before any vaccines had been officially approved, and others are continuing to surface as countries roll out their Covid-19 vaccination programmes.
Raj Samani, McAfee Fellow and Chief Scientist, said “We’ve seen how the pandemic not only led to an increased dependence on mobile devices, but how it has prompted bad actors into developing new ways of tricking consumers and stealing their personal data. As well as these advanced forms of malware and deceit, we’ve seen that hackers are also returning to billing scams, but using new tricks,”
Raj added “As consumers continue to carry out daily activities on-the-go, it is critical that they stay educated and proactive about protecting their personal data,”