Hackers using hidden apps to access smartphones, cybersecurity experts warn
4 March 2020, 10:44
McAfee has published its latest Mobile Threat Report, highlighting the growing danger of hidden apps being used to mask malware.
Hackers are increasingly using hidden apps to target mobile phone users, cybersecurity experts have warned.
Researchers from cybersecurity firm McAfee have published their latest Mobile Threat Report, which warns of the rise of hidden app attacks and their ability to access user data.
According to the annual study, phone users are being targeted by malicious apps which disguise themselves as popular downloads before hiding their icon, making them and the malware they contain harder to remove.
The research said hidden app attacks made up around 50% of malicious activity in 2019, an increase of 30% on the year before.
McAfee fellow and chief scientist Raj Samani said: “There exists a growing trend for many apps to remain hidden, stealing precious resources and important data from the device that acts as the remote control to consumers’ digital world.
“Now more than ever, it is critical consumers make themselves aware of modern threats and the steps they can take to defend themselves against them, such as staying on legitimate app stores and reading reviews carefully.”
McAfee’s report said some hackers use hidden apps to install advertising malware on smartphones, which fraudulently increases advertising revenue by redirecting users to different ad types and topics in a way that hides the infection.
The research found one app pretending to be the game Call Of Duty and another pretending to be photo-editing tool FaceApp which could be found in links in YouTube videos and other search results from people looking for free or “cracked” apps outside official stores.
McAfee’s researchers said once these apps were installed on a device, their icons changed to mimic the Settings app, but when tapped to open they would display an error message and tell users to tap OK to uninstall.
Following these steps would instead complete the installation and also hide the fake Settings icon, making the app harder to find to remove it and the malware.
“The objective of these hidden apps is relatively straightforward: generate money for the developer,” Mr Samani said.
“And it is a growing threat, with almost half of all malware on the mobile platform consisting of hidden apps.”
The report urges mobile phone users to only download apps and other content from official app stores, keep their software up to date and monitor their digital IDs to stay aware of any changes or actions they did not make. Any changes can be a sign a device or account has been compromised.
Terry Hicks, executive vice president of the consumer business group at McAfee, said the firm hoped its latest report would help make smartphone users more aware of cybersecurity dangers.
“Consumers are connected more than ever, and as we look at the current security landscape, as well as future risks, we want to make sure we are doing everything to help consumers protect what matters more to them – their personal data, as well as their family and friends,” he said.
“Mobile threats are playing a game of hide and steal, and we will continue to empower consumers to safeguard their most valued assets and data.”