Beware bump and infect swindle
Security software company McAfee says it anticipates more fraud-oriented malware in 2013 with one likely innovative content swindle will abuse the tap-and-pay near field communications (NFC) technology used in mobile payment programs, or “digital wallets.”
This scam, it says, could involve worms that propagate through proximity, what its calls “bump and infect.” This distribution path could quickly spread malware through a trainload of passengers or a theme park.
When the newly infected device is used to “tap and pay” for the next purchase, the scammer collects the details of the wallet account and secretly reuses these credentials to steal from the wallet, McAfee says.
The anti virus software firm has released the results of its Mobile Security: McAfee Consumer Trends Report, documenting sophisticated and complex risky apps containing multi-faceted scams, black market crimes, drive-by downloads and near-field communication threats.
The report identifies a new wave of techniques hackers use to steal digital identities, commit financial fraud, and invade users’ privacy on mobile devices.
Mobile platforms have become increasingly attractive to cybercriminals as consumers live more of their digital lives on smartphones and tablets, McAfee says.
According to IDC, mobile devices are surpassing PCs as the preferred way to access the Internet and the number of people using PCs to go online will shrink by 15 million over the next four years, while the number of mobile users will increase by 91 million.
With the mobile space becoming a more enticing platform for online mischief, the complexity and volume of threats targeting consumers will continue to increase, McAfee says.
“Despite elevated consumer awareness of threats on mobile platforms, there is still a significant knowledge gap surrounding how and when devices become infected and the level of potential damage,” said Luis Blando, vice president of mobile product development at McAfee.
In the report, McAfee Labs identifies the following threats as the most severe existing and new trends consumers will encounter in 2013:
- Risky Apps: Cybercriminals are going to great lengths to insert infected apps into trusted sources such as Google Play and the risks within each app are becoming more intricate.
- Black Market Activity: Botnet clients, downloaders, and rootkits are generic, useful software sold on black markets as part of software toolkits. Criminals use these to commit premium SMS and click fraud, spam distribution, data theft, or bank fraud – and the complexity of these criminal activities is growing.
- Drive-by Downloads: The first mobile drive-by downloads were seen in 2012 and we expect these to increase in 2013. On a mobile device, a drive-by download fools a user into downloading an app without knowing it. Once a user opens the app, criminals have access to the device.
- Near Field Communication: In 2013, McAfee expects to see criminals abuse NFC technology used in mobile payment programs, or “digital wallets.”
“As the mobile space evolves, criminals will look at ways to generate revenue from features only mobile devices have. During 2012, about 16% of malware families detected by McAfee attempted to get devices to subscribe to premium SMS messages.
“In 2013, we foresee an increase in threats that will have users finding out they bought premium apps only when they check their bills,” the anti spyware firm said.
What’s Next?
“We expect attacks to become increasingly sophisticated in the near future. Suspicious URLs will result more often in malware infections, likely through more use of silent drive-by downloads. Joining drive-by downloads and black hat SEO, other proven PC-oriented threats will migrate into mobile device environments,” McAfee said.
More on security software
Internet users suffer password fatigue
Tech companies alarmed by security scandal
Internet giants deny granting US government ‘direct access’ to servers
Cyber spying, privacy violation and data collection controversy erupts
Loading ...