Cybersecurity: McAfee – 480 New Threats per Minute

Smart Blog

Cybersecurity: McAfee – 480 New Threats per Minute

From texting, to voice messaging, to mobile banking, people have a world of possibilities at their fingertips. But what happens when criminals take advantage of this reliance on mobile and IoT technology to threaten our cybersecurity? According to the latest McAfee Labs Threats Report, cyber criminals are leveraging fake apps and banking trojans to access users’ personal and financial information. Researchers saw an average of 480 new threats per minute and a sharp increase in malware targeting IoT devices during the last quarter.
While new mobile malware declined by 24% in Q3, researchers did notice some unusual threats fueled by fake apps. In June, a scam was observed where crooks released YouTube videos with fake links disguised as leaked versions of Fortnite’s Android app. If a user clicked on the link to download this phony app, they would be asked to provide mobile verification. This verification process would prompt them to download app after app, putting money right in the cyber criminals’ pockets for increased app downloads.
Another fake app scheme that caught the attention of researchers was Android/TimpDoor. This SMS phishing campaign tricked users into clicking on a link sent to them via text. The link would direct them to a fabricated web page urging them to download a fake voice messaging app. Once the victim downloaded the fake app, the malware would begin to collect the user’s device information. Android/TimpDoor would then be able to let cyber criminals use the victim’s device to access their home network.
Researchers also observed a type of malware that disguises itself as a genuine app or software to obtain a user’s banking credentials. Cyber criminals employed uncommon file types to carry out spam email campaigns, accounting for nearly 500,000 emails sent worldwide. These malicious phishing campaigns used phrases such as “please confirm” or “payment” in the subject line to manipulate users into thinking the emails were of high importance. If a user clicked on the message, the banking malware would be able to bypass the email protection system and infect the device. Banking trojans were also found using two-factor operations in web injects, or packages that can remove web page elements and prevent a user from seeing a security alert. Because these web injects removed the need for two-factor authentication, cyber criminals could easily access a victim’s banking credentials from right under their noses.

To make your actions more secure, McAfee provided two tips for better cybersecurity:

  • Go directly to the source. Websites like YouTube are often prone to links for fake websites and apps so criminals can make money off of downloads.
  • Click with caution. Only click on links in text messages that are from trusted sources.

You can download the whole Cybersecurity report here.

Author: Tim Cole
Image Credit: McAfee

Leave a Reply

Your email address will not be published. Required fields are marked *