Home News Mobile Malware – A Persistent Threat Targeting COVID Vaccines and Banking Activities

Mobile Malware – A Persistent Threat Targeting COVID Vaccines and Banking Activities

McAfee’s Mobile Threat Report 2021 revealed that attackers capitalized on the pandemic fears targeting unwitting users with bogus apps and texts. It uncovered over 43 million mobile malware variants in Q4 2020.

Malware and Vulnerability Trends Report, Mobile malware threats

In addition to high-profile ransomware attacks on various industry vectors, cyberattacks on mobile devices surged during the pandemic. When employees across the globe were adjusting to remote working, cybercriminals leveraged different kinds of mobile attacks exploiting the security loopholes in the system. COVID-19-themed cyberattacks took a massive toll on the cybersecurity community. Threat actors disrupted operations of several companies and government agencies compromised thousands of users’ sensitive data by spreading mobile malware, fake apps, and other mobile-related scams.

According to McAfee’s Mobile Threat Report 2021, hackers used Trojans, fraudulent apps, and malicious SMSs to target unwitting users. The fraudsters capitalized on pandemic fears with bogus vaccine-related apps, text messages, and social media links.

Key Findings 

  • Over 90% of malware attacks during the pandemic happened due to mobile Trojans.
  • In total, McAfee uncovered over 43 million mobile malware variants in Q4 2020.
  • A new kind of mobile malware, dubbed Etinu, was found to be distributed via Google Play and targeted users in Southwest Asia and the Middle East. The malware has more than 700K downloads before it was detected and removed.
  • Banking Trojan activity increased 141% between Q3 and Q4 2020, which are distributed via phishing and fraudulent messages.
  • McAfee discovered Brazilian Remote Access Tool Android (BRATA), a banking Trojan, targeting thousands of users into downloading it.

Vaccine Rollout Increases Mobile Threats

McAfee stated that the COVID-19 vaccination campaigns created ample opportunities for cybercriminals across the globe. Threat actors distributed malware disguised as vaccination slot booking SMS and registration ads. Once the user clicks on the link, it automatically downloads the malware and takes control of the victim’s device.

Unfortunately, some of these fake vaccine campaigns started in November 2020, before any vaccines had officially been approved.

“As people increasingly spend more time online owing to the pandemic and staying connected on their mobile devices, hackers are cashing into target unsuspecting consumers. With the dramatic increase in threats and cybercriminals exploiting mobile devices, our ongoing effort is to ensure that we protect what is of paramount importance to consumers – their personal data. As fraudsters continue to experiment with newer methods and advanced techniques to bypass security screening, we aim to assist consumers by guiding them to remain vigilant and raise awareness on the importance of safeguarding their data and personal devices,” said Venkat Krishnapur, vice-president of engineering and managing director, McAfee Enterprise, India.