Android users are no strangers to warnings of malware attacks targeting their devices, but this year might just be the worst year yet. A new report from security experts at McAfee has revealed the true scale of the problem. According to the anti-virus firm, “2021 is shaping up to be a year of malware misinformation and sneak attacks.” These new threats range from annoying adware that fills devices with endless pop-ups, to more serious banking malware which has the ability to steal personal financial data and access accounts. If you use Android, the best thing you can do is learn about the types of attack on the rise in 2021 so you know what to look out for when using your handset and downloading new apps.
Google has been hard at work making its Play Store far more robust, but just as fast, hackers have uncovered new techniques to infiltrate devices. One of the most popular ways to access a smartphone is to trick Android users to install apps via text messages or posts on social media.
Unlike Apple’s iPhone, Android is a much more open platform, which means applications can be installed from sources outside of the Play Store. This makes it a prime target for hackers intent on stealing data. So, if you own an Android phone here are four of the biggest threats to watch out for this year.
Banking Malware has boomed in recent months with McAfee Mobile Security detecting a 141 percent increase between Q3 and Q4 2020.
Most Banking Trojans are distributed via mechanisms such as phishing SMS messages to avoid Google’s screening process. These malicious apps appear as some type of security scanner, with names such as OutProtect, PrivacyTitan, GreatVault, SecureShield, and DefenseScreen
Once activated they pretend to scan the phone for issues but they are simply looking for apps related to the targeted financial institutions such as online banking. If one is found, the malware notifies the user that a popular app, such as Google Chrome, WhatsApp, or a fake PDF reader, is out of date and urging an immediate update.
Clicking the “Update Now” button downloads additional malicious code and asks the user to enable accessibility services, which gives the app broad control of the user’s device.
Scammers will stop at nothing in a bid to access devices and have even sunk as low as to use the COVID pandemic for financial gain.
With most of the world still anxious about COVID-19 and getting vaccinated, cybercriminals are targeting these fears with bogus apps, text messages, and social media invitations.
McAfee says malware and malicious links hidden inside these fakes display ads and try to steal banking information and credentials.
One of the earliest coronavirus vaccine fraud campaigns was recorded in India in November 2020, before any vaccines had been approved in the country. This operation started with SMS and WhatsApp messages that encouraged users to download an app to apply for the vaccine. However, it was simply a trick to gain personal data.
Another nasty threat called Etinu has the ability to steal incoming SMS messages using a Notification Listener function. Where this malware is clever is that it can read a message without triggering the SMS read permission or read receipts.
As a result, the app can process information in the messages without alerting the user that messages have been read.
It can use these capabilities to make purchases and sign up for premium services and subscriptions that get charged to the user’s account.
Speaking about its latest threat report, McAfee said: “To avoid security screening, many malware authors try to distribute their apps via SMS messages or links on popular social media sites. Others are writing apps with minimal but legitimate functionality, inserting malicious code during an update when scrutiny is lessened, and then downloading additional encrypted packages to obfuscate the real malware.
“Last year, cybercriminals expanded the methods they used to hide attacks and frauds, making them more difficult to identify and remove. Before downloading something to your device, do some quick research about the source and developer. Many of these have been flagged by other users.
“Many malicious apps get the access they need by asking the user to grant them permission to use unrelated privileges and settings. When installing a new app, take a few moments to read these requests and deny any that seem unnecessary, especially for accessibility services and message notification access.”
Original Source by [author_name]