Hackers are hijacking third-party sign-on, hot trends, and popular games and entertainment apps to steal monetizable data from YOU!

There is a growing trend for certain apps to hide themselves and then steal precious resources and data from mobile devices.

The objective of these hidden apps is relatively straightforward: generate money for the developer. According to a recent threat report by McAfee, it is a growing menace, with almost half of all malware on the mobile platform consisting of hidden apps.

Hidden apps accounted for 50% of all malicious activities in 2019, up 30% from 2018. This year is apparently the year of mobile sneak attacks, as hackers utilize hidden mobile apps and unique means of distribution, becoming invisible from the eyes of consumers as they siphon off data from consumers.

Total mobile malware detections by quarter

These threats are hard to detect and remove, coming in the form of mobile apps, third-party login and counterfeit gaming videos. They take advantage of consumers through third-party login services, or by serving intrusive advertisements.

These are the findings of the McAfee Mobile Threat Report 2020, which focuses on the following points:

  • Hackers are using gaming popularity to spoof consumers
    Links to malicious apps are distributed on gaming channels and videos, and popular apps such as Spotify, Call of Duty and FaceApp have fake counterparts which prey on unsuspecting users, such as the young.
  • Mobile malware is using third party sign-on to cheat app ranking systems
    New information has been gleaned about a new strain of mobile malware, LeifAccess, which takes advantage of accessibility features in Android, creating accounts, downloading apps and posting reviews using names and emails from the user’s system. Apps based on LeifAccess are distributed by social media, gaming platforms, game chat apps and malvertising, using fake warnings to activate accessibility services.
  • Stealing data through legitimate apps
    McAfee researchers also found a series of South Korean transit apps which were compromised through the original creator’s Google Play account. These apps show bus stop locations and route maps, but now also exfiltrate information and files from devices they are on.

Our lives may be getting more interconnected with smart devices and the Internet of Things, with the average consumer estimated to own 15 connected devices by 2030. However, the connectivity is also a vector for malicious players to exploit, giving them access to personal information.

Let us avoid becoming click farms for the benefit of hackers this year, by observing good cyber hygiene.