Expert React: McAfee Mobile Threat Report: C-19 Vax Appointment Trojans, Etinu Billing Fraud Malware

McAfee’s latest Mobile Threat Report: A Year of Lockdown Sees a Surge in Mobile Malware Targeting Banking, Billing and COVID-19 Vaccines includes key findings such as: 

  • COVID-related malware – more than 90% are in the form of Trojans; 
  • New information on Etinu mobile malware which steals SMS messages and then makes purchases charged to the user;  and 
  • Between Q3 and Q4 2020: 141% increase in Banking Trojan activities.

Experts Comments

July 01, 2021
Saryu Nayyar
CEO
Gurucul

Malware embedded as a Trojan horse in mobile apps is becoming more prevalent as users take advantage of the convenience and utility of these apps.  New Trojan horses have been found in purported Covid-19 vaccine appointment apps, banking apps, and billing apps.  Embedded malware is very difficult for the average user to detect, and can cause serious harm in the form of stolen funds, and illicit purchases.

Without specific digital signatures, malware can be very hard to detect in apps. 

.....Read More

Malware embedded as a Trojan horse in mobile apps is becoming more prevalent as users take advantage of the convenience and utility of these apps.  New Trojan horses have been found in purported Covid-19 vaccine appointment apps, banking apps, and billing apps.  Embedded malware is very difficult for the average user to detect, and can cause serious harm in the form of stolen funds, and illicit purchases.

Without specific digital signatures, malware can be very hard to detect in apps.  However, by setting a baseline for device and application behavior, and using machine learning algorithms to detect and analyze anomalous behaviors, it’s possible to provide an early warning of apps that have malicious intent.  If the behavior is out of the ordinary, data-based risk analysis can enable enterprises to take action before significant damage is done.

  Read Less
July 01, 2021
David Stewart
CEO
CriticalBlue - Approov

Although publicly accessible 2FA (2 factor authentication) solutions such as one time codes sent by SMS are relatively new, they are already outdated because hackers can easily intercept them, through malware as in this example and other methods. 2FA has other forms such as biometric (face, voice, fingerprint) and client app authentication. 2FA approaches which are both invisible to users and dynamic - in that they repeat the authentication at regular intervals during a user session - are

.....Read More

Although publicly accessible 2FA (2 factor authentication) solutions such as one time codes sent by SMS are relatively new, they are already outdated because hackers can easily intercept them, through malware as in this example and other methods. 2FA has other forms such as biometric (face, voice, fingerprint) and client app authentication. 2FA approaches which are both invisible to users and dynamic - in that they repeat the authentication at regular intervals during a user session - are intrinsically a superior approach to preventing malware from succeeding in enabling user account access.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.