Warning over 'hidden apps' as mobile malware attacks increase - and get sneakier

Cyber criminals are turning to additional channels to help spread mobile malware - and the number of mobile malware attacks shows no sign of slowing down.
Written by Danny Palmer, Senior Writer

Mobile malware attacks are becoming more common as cyber criminals increasingly turn their attention towards smartphones – and they're ensuring that malicious activity is harder to uncover.

According to figures in the newly released McAfee Mobile Threat Report, the total number of detections for different types of mobile malware reached over 35 million during the final quarter of 2019, representing a jump of 10 million detections compared with 2018.

Analysis by researchers at McAfee found that half of these detections were what they class as 'hidden apps'; malicious applications that once installed are designed to completely avoid discovery on the device and therefore extremely difficult to remove.

The key goal of these applications is to generate money for the attacker, which often comes in the form of the infected device  downloading apps and automatically clicking on advertising links in the background, or constantly bombarding the user with pop-up adverts they can't get rid of.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)    

"There are thousands of apps out there that are actively hiding their processes after installation. Of course, that makes it difficult for people to delete them – so they just bug the hell out of people with invasive adverts and other things. But it's making money for bad guys, that's the reality," Raj Samani, chief scientist at McAfee, told ZDNet.

In order to help bypass security protections offered to Android users by the Google Play Store, cyber criminals are turning towards other channels to help distribute their malicious apps. This often sees attackers use comments below YouTube videos, or links in popular chat apps like Discord, that claim to offer free or cracked versions of well-known applications.

The download pages for these fake applications will use icons, text and imagery of the real app to add authenticity and encourage potential victims to download the malicious software – but then the app will seemingly disappear after installation.

Apps will sometimes just disguise themselves as something under the 'settings' menu of the phone, or the app will claim that it can't be installed in the user's country – while secretly installing the malware all along.

And because the application is hidden in such a way that the user is unlikely to be able to find it, the malware will drain the phone battery by performing actions that generate ad revenue.

Some attackers are even playing a longer game, slowly performing actions on an infected device over an extended period of time in order to have the greatest chance of the user questioning the suspicious activity.

SEE: This new Android malware comes disguised as a chat app

In order to avoid falling victim to hidden app attacks, it's recommended that users stick to downloading applications from official channels such as the Google Play Store.

However, while app stores do offer protections, some malicious apps do slip through, so it's also recommended that users read the reviews of the application – if there's a lot of negative reviews, it could be a sign of a suspicious or malicious app.

It's also recommended that users apply updates to their mobile operating system and apps when they appear, as this adds the latest security protections to the device.


Editorial standards