Press Releases

McAfee Q2 Report: Mobile Threats Rebound as Banking Malware, Fake Dating Apps & Data-Stealing Apps

McAfee Labs today released the McAfee Threats Report: Second Quarter 2013, which found that Android-based malware saw a 35 per cent growth rate, a rate that has not been seen since early 2012. Ransomware samples more than doubled compared to in Q1 2013, and the number of suspicious URLs increased.

McAfee Labs researchers have discovered that cybercriminals are using a set of common mobile strategies to steal money and confidential information. Their weapons of choice include banking malware, fraudulent dating apps, trojanized apps and fake tools.

McAfee’s experts recommend consumers follow these five tips to safeguard themselves against malware threats:

  • Watch where you download: Only download apps from reputable app stores.
  • Investigate the app: Research it by reading reviews and checking its ratings.
  • Check the permissions: Make sure the app is only accessing data it really needs to function, studies have shown that 1/3 of apps ask for more permission than they need.
  • Don’t store your logins: Do not choose the “remember me” option for apps and mobile browser for your login information.
    • This way, if a stranger accesses your device they cannot log into your accounts as you.
  • Use security software: Security software can also help protect your phone against malware, bad apps and other mobile threats.
    • Ideally, it should allow you to remotely locate, track and lock your device in the case of loss or theft.


McAfee Labs Q2 Report Finds Mobile Threats Rebound

Second quarter report warns of SMS-stealing banking malware, fraudulent dating apps, and data-stealing apps; More ransomware samples in 2013 than in all previous periods combined

SANTA CLARA, Calif. – Aug. 21, 2013 – McAfee Labs today released the McAfee Threats Report: Second Quarter 2013, which found that Android-based malware achieved a 35 per cent growth rate not seen since early 2012. This rebound was marked by the continued proliferation of SMS-stealing banking malware, fraudulent dating and entertainment apps, weaponized legitimate apps, and malicious apps posing as useful tools. McAfee Labs registered twice as many new ransomware samples in Q2 as in Q1, raising the 2013 ransomware count higher than the total found in all previous periods combined.

The second quarter also saw a 16 per cent increase in suspicious URLs, a 50 per cent increase in digitally-signed malware samples, and notable events in the cyber-attack and espionage areas, including multiple attacks on the global Bitcoin infrastructure and revelations around the Operation Troy network targeting U.S. and South Korean military assets.

McAfee Labs researchers identified a set of common mobile strategies employed by cybercriminals to extract money and confidential information from victims, including the following:

  • Banking Malware – Many banks implementing two-factor authentication require customers to log into their online accounts using a username, password and a mobile transaction number (mTAN) sent to their mobile device via a text message. McAfee Labs researchers identified four significant pieces of mobile malware that capture traditional usernames and passwords, and then intercept SMS messages containing bank-account login credentials. The malicious parties then directly access accounts and transfer funds.
  • Fraudulent Dating Apps – McAfee Labs discovered a surge in dating and entertainment apps that dupe users into signing up for paid services that do not exist. Users attempt to access potential partners’ profiles and other content only to become further frustrated when the scam is recognized. The profits from the purchases are later supplemented by the ongoing theft and sale of user information and personal data stored on the devices.
  • Trojanized Apps – Research revealed the increasing use of legitimate apps altered to act as spyware on users’ devices. These threats collect a large amount of personal user information (such as contacts, call logs, SMS messages and location) and upload the data to the attacker’s server.
  • Fake Tools – Cyber criminals are also using apps posing as helpful tools, such as app installers that actually install spyware that collects and forwards valuable personal data.

“The mobile cybercrime landscape is becoming more defined as cyber gangs determine which tactics are most effective and profitable,” said Vincent Weafer, senior vice president, McAfee Labs. “As in other mature areas of cybercrime, the profit motive of hacking bank accounts has eclipsed the technical challenges of bypassing digital trust. Tactics such as dating and entertainment app scams benefit from the lack of attention paid to such schemes, while others simply target the mobile paradigm’s most popular currency: personal user information.”

Beyond mobile threats, the second quarter revealed the continued adaptability of attackers in adjusting tactics to opportunities, creating challenges to infrastructure upon which commerce relies, and utilizing a creative combination of disruption, distraction and destruction to veil advanced targeted attacks:

  • Ransomware – Over the past two quarters McAfee Labs has catalogued more ransomware samples than in all previous periods combined. The number of new samples in the second quarter was greater than 320,000, more than twice as many as the previous period, demonstrating the profitability of the tactic.
  • Digitally-signed malware – Malware signed with legitimate certificates increased 50 per cent to 1.2 million new samples, rebounding sharply from a decline in the first quarter. The trend of illegitimate code authenticated by legitimate certificate authorities could inevitably undermine confidence in the global certificate trust infrastructure.
  • Suspicious URLS – The second quarter’s increase in suspicious URLs shows how important “infected” sites remain as a distribution mechanism for malware. At June’s end, the total number of suspect URLs tallied by McAfee Labs reached 74.7 million, which represents a 16 per cent increase over the first quarter.
  • Spam Volume – Global spam volume continued to surge through the second quarter with more than 5.5 trillion spam messages. This represented approximately 70 per cent of global email volume.
  • Attacks on Bitcoin Infrastructure – The sudden activity in the Bitcoin market over the course of the past quarter attracted interest from cybercriminals. In addition to disruptive distributed denial of service (DDoS) attacks, they infected victims with malware that uses computer resources to mine and steal the virtual currency.
  • Operation Troy – McAfee Labs uncovered evidence suggesting that attacks on South Korean banks and media companies in March and June of this year were in fact connected to an ongoing cyber espionage campaign dating back to 2009. A study of forensic evidence suggested that the campaign was designed to target U.S. and South Korean military systems, identify and remove confidential files, and, when necessary, destroy the compromised systems through a master boot record (MBR) attack. Read the full report: Dissecting Operation Troy: Cyber Espionage in South Korea.

Each quarter, the McAfee Labs team of 500 multidisciplinary researchers in 30 countries follows the complete range of threats in real time, identifying application vulnerabilities, analyzing and correlating risks, and enabling instant remediation to protect enterprises and the public. To read the full McAfee Threats Report: Second Quarter 2013, please visit:

About McAfee
McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), empowers businesses, the public sector, and home users to safely experience the benefits of the Internet. The company delivers proactive and proven security solutions and services for systems, networks, and mobile devices around the world. With its Security Connected strategy, innovative approach to hardware-enhanced security, and unique Global Threat Intelligence network, McAfee is relentlessly focused on keeping its customers safe.

Note: McAfee is a trademark or registered trademark of McAfee, Inc. in the United States and other countries. Other names and brands may be claimed as the property of others.