Expert React: McAfee Mobile Threat Report: C-19 Vax Appointment Trojans, Etinu Billing Fraud Malware

McAfee’s latest Mobile Threat Report: A Year of Lockdown Sees a Surge in Mobile Malware Targeting Banking, Billing and COVID-19 Vaccines includes key findings such as: 

  • COVID-related malware – more than 90% are in the form of Trojans; 
  • New information on Etinu mobile malware which steals SMS messages and then makes purchases charged to the user;  and 
  • Between Q3 and Q4 2020: 141% increase in Banking Trojan activities.
Subscribe
Notify of
guest

2 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Saryu Nayyar
Saryu Nayyar , CEO
InfoSec Expert
July 1, 2021 11:57 am

<p>Malware embedded as a Trojan horse in mobile apps is becoming more prevalent as users take advantage of the convenience and utility of these apps.  New Trojan horses have been found in purported Covid-19 vaccine appointment apps, banking apps, and billing apps.  Embedded malware is very difficult for the average user to detect, and can cause serious harm in the form of stolen funds, and illicit purchases.</p>
<p>Without specific digital signatures, malware can be very hard to detect in apps.  However, by setting a baseline for device and application behavior, and using machine learning algorithms to detect and analyze anomalous behaviors, it’s possible to provide an early warning of apps that have malicious intent.  If the behavior is out of the ordinary, data-based risk analysis can enable enterprises to take action before significant damage is done.</p>

Last edited 1 year ago by Saryu Nayyar
David Stewart
InfoSec Expert
July 1, 2021 11:55 am

<p>Although publicly accessible 2FA (2 factor authentication) solutions such as one time codes sent by SMS are relatively new, they are already outdated because hackers can easily intercept them, through malware as in this example and other methods. 2FA has other forms such as biometric (face, voice, fingerprint) and client app authentication. 2FA approaches which are both invisible to users and dynamic – in that they repeat the authentication at regular intervals during a user session – are intrinsically a superior approach to preventing malware from succeeding in enabling user account access.</p>

Last edited 1 year ago by David Stewart
Information Security Buzz
2
0
Would love your thoughts, please comment.x
()
x