HACKERS are using fake mobile games and apps as stealth attack vectors to compromise smartphones and tablets.
This, of course, is not news to anyone in the gaming community, but it is an ever-present threat which has been highlighted again in the McAfee 2020 Mobile Threat Report (available to read here: https://www.mcafee.com/content/dam/consumer/en-us/docs/2020-Mobile-Threat-Report.pdf).
According to the report, there were more than 35 million malware attacks on mobile devices detected globally last year – many of them involving fake game or social media apps.
McAfee’s researchers uncovered fake versions of popular games and apps, including Call of Duty, FaceApp and Spotify, attempting to prey on unsuspecting device users – especially younger ones.
The report summary said hackers were taking advantage of the popularity of gaming by distributing their malicious apps via links in popular gamer chat apps and cheat videos, creating their own content containing links to fake apps.
The fake apps have icons which look very similar to those of the real ones, but steal user data, serve unwanted ads and can provide a backdoor into the device for hackers.
According to the report, McAfee researchers analysed two HiddenAds variants – one pretending to be Call of Duty and the other a photo tool called FaceApp.
“Both used file names similar to their genuine counterparts and were distributed, not in Google Play, but as links in YouTube videos and other search results of people looking for free or cracked apps,” the report said.
“The fake apps used icons that closely mimic the real apps for additional authenticity. Once the app is installed on the phone, the icon is changed to one that mimics Settings.
“When the user clicks on this, the malicious app displays a fake error message—‘Application is unavailable in your country. Click OK to uninstall.’ However, clicking OK completes the installation and then hides the fake Settings icon, making it difficult for the user to find and delete the malware.”
McAfee chief scientist Raj Samani said there was a growing trend for malicious apps to remain hidden as they stole resources and data from compromised devices.
“Now, more than ever, it is critical consumers make themselves aware of modern threats and the steps they can take to defend themselves against them, such as staying on legitimate app stores and reading reviews carefully,” he said.
Mr Samani said the motivation of the people creating fake and hidden apps was exactly what you’d think it was: money.
“The objective of these hidden apps is relatively straightforward: generate money for the developer,” he said.
“It is a growing threat, with almost half of all malware on the mobile platform consisting of hidden apps.”
Just to make things more complicated, some of the detected malware variants used a hijacked phone’s social media accounts to post fake reviews and ratings for other malware apps, muddying the waters for people checking to see if a suspicious app was genuine or not.
Besides running a decent anti-malware programme on your smart device, the usual online caveats remain in effect to help protect yourself from malware: if a link seems suspicious, don’t click on it; if an offer seems too good to be true, it probably is; there really aren’t lots of attractive singles in your area waiting to meet you; there are no members of African royalty who need your help moving money around internationally; and so on.
One of the most important ways to help avoid malware issues on mobile phones and smart devices is fairly simple, though: only download apps and games from official and trusted sources like Google Play or the Apple App Store.
“While some malicious apps do make it through the screening process, the majority of the attack downloads appear to be coming from social media, fake ads, and other unofficial app sources,” the report said.
“Before downloading something to your device, do some quick research about the source and developer. Many of these have been flagged by other users.”