A new report from security and virus software company McAfee has highlighted the dangers of “free” apps infected with malware.
The McAfee Consumer Trends Report for June 2013 has revealed new ways that cybercriminals abuse app permissions to commit fraud and install malware, and also shows that games are the most common form of these malware-infected apps.
McAfee Labs found that, under the camouflage of “free” apps, criminals are able to get consumers to agree to invasive permissions that allow scammers to deploy malware.
The permissions in free apps, funded by adware, leak personal information which ad networks use to serve targeted ads; however, McAfee found that 26% of apps are likely more than just adware.
SMS scams and rooting exploits were among the most popular types of threats seen across a variety of apps, McAfee said.
“Most consumers don’t understand or even worry about the app permissions they agree to,” said Luis Blando, vice president of mobile product development at McAfee.
“Because of that, cybercriminals are increasingly abusing app permissions as an efficient way to deliver mobile malware. Through these agreements mobile consumers are unwittingly putting their personal information into the hands of criminals disguised as ad networks, and opening up endless doors for scammers.”
McAfee also warned that even apps with high review scores could be risky, as malware known as FakeRun automatically gives the app in question a 5-star review score when users click to close ads.
The “Games” and “Personalisation” categories are most hit with malcious apps. According to McAfee, the top two malicious app downloads in the first four months of 2013 were apps Google had bounced in February: a sniper game and Lost Temple II.
“If you downloaded these apps before they were removed from Google Play, you may still be running them, unaware of the risk. You should update your mobile security software and rescan the apps on your device on a weekly basis,” McAfee said.
According to the report, Russia is the top source of malicious apps, while Android OS 4.0 Ice Cream Sandwich was the most popular platform for malware.