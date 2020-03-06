Arguably, malicious mobile application developers are some of the most creative people you will find; they have to be to continue finding ways to sneak away from the barriers of application markets like Google Play Store and trick unsuspecting users to download them. Meanwhile, a new report on the mobile application malware landscape points to a growing threat that is among the most creative approaches of all: it is less complicated to convince people that your application is legitimate when you simply hide it so you don't appear on the phone in is everything ok?

McAfee's new 2020 Mobile Threat Report discovered that hackers are using hidden mobile applications, along with third-party login and fake game videos to target a growing number of consumers.

%MINIFYHTML33f92f53bdb430354147e717cb8c0edc11% %MINIFYHTML33f92f53bdb430354147e717cb8c0edc12%

Security company research shows how hackers have expanded their efforts from the back doors and cryptocurrency mining that greatly characterized their efforts to target consumers last year. The presence of hidden mobile applications on devices, in particular, makes it appear that 2020 could be considered as the "year of the mobile sneak attack," according to new research. Hidden applications are, in fact, the most active mobile threat consumers face and were responsible for almost 50% of all malicious activities in 2019. That was 30% more than in 2018.

"Hackers continue to target consumers through channels where they spend most of their time: their devices, as the average person is expected to have 15 connected devices globally by 2030," the report said. "Hidden applications take advantage of unsuspecting consumers in multiple ways, including the advantage that consumers use third-party login services or serve unwanted ads."

Making the application remain hidden is particularly malicious, since the consumer does not know that it is on his device and, therefore, presumably does not know how to prevent it from draining resources and data from the device. However, that is not all that is happening. Among other trends, the new report identifies:

Another strain of new malware to consider uses third-party logins to fool application classification systems. According to the McAfee team, a new mobile malware called LeifAccess, also known as Shopper, "takes advantage of the accessibility features in Android to create accounts, download applications and publish reviews using names and emails configured on the victim's device." The researchers found that LeifAccess-based applications are shared through social networks, game platforms and other channels, and false warnings are used for the user to activate the necessary accessibility services that allow the full range of malware perniciousness.

As if all that wasn't enough, McAfee researchers also found that popular applications like Spotify and Call of Duty All have false variations that try to fool unsuspecting consumers, especially younger users. Applications often seem real and have icons that are almost the same as the real ones, but they exist to publish unwanted advertisements and steal user data. Definitely, another reminder to follow best practices for downloading applications, even by downloading known sources and paying more attention to the applications you select.

Image source: quietbits / Shutterstock