ARCHIVES: This is legacy content from before Marketing Dive acquired Mobile Marketer in early 2017. Some information, such as publication dates, may not have migrated over. Check out the new Marketing Dive site for the latest marketing news.

Popularity of mobile banking apps makes them cybercrime targets: McAfee

This largest level of mobile malware ever were recorded in 2011 and the trend is expected to continue in 2012 with cybercriminals increasingly turning their focus to mobile banking attacks, according to a new report from McAfee Labs.

In the report 2012 Threat Predictions, McAfee Labs outlines the top Internet and  mobile security threats. On the mobile front, McAfee Labs predicts mobile attackers to improve on their skill set and move toward mobile banking attacks.

As consumers continue to embrace smart devices for data-centric services such as email, they need to realize that these services come at a price. The report from McAfee suggests that mobile security software is becoming as important for mobile devices as it is for desktop computers.

Straight to mobile
As more and more users handle their finances via mobile devices, McAfee Labs, Santa Clara, CA, expects attackers will bypass PCs and go straight after mobile banking apps.

Techniques previously used for online banking, such as stealing from victims while they are still logged on and making it appear that transactions are coming from a legitimate user, will now target mobile banking users.

In the past, cybercriminals used Zeus and SpyEye crimeware kits to steal money from online banking accounts. These same kits are now using mobile apps as helpers to bypass authentication and gain access to victims? money.

Attackers are adapting to efforts to track their activity in mobile and can now programmatically steal from victims while they are still logged on. As a result, the criminals? transactions appear to come from legitimate users.

Attackers have also added a delay in the transactions to make it seem like they are being performed by a person.

McAfee said it expects to see attacks that leverage this type of programmatic technique to occur more frequently next year.

Getting better
The report also predicts cybercriminals will improve upon tactics that have been popular in past, such as exploiting vulnerabilities to bypass system protections and gain greater control over mobile devices. Cybercriminals will also move on from simple destructive mobile malware to spyware and malware that makes them money.

In the coming year as developers and researchers develop new methods for rooting phones, McAfee expects to see malware authors adapting the lessons of PC malware development to undertake attacks that leverage the mobile hardware layer to a greater extent. PC-based malware is increasingly moving further down the operating system to take greater advantage of hardware and mobile malware is expected to follow the same direction.

Some of the threats include rootkits, which allow the installation of spyware, and botnets, which can cause ad clicks or send premium rate text messages. These enable cybercriminals to make money off their victims similar to how they work on PCS

Mobile variants of malware families such as Android/DrdDream, Android/DrdDreamLite,
and Android/Geinimi, as well as Android/Toplank and Android/DroidKungFu often use root exploits developed to enable customers to unlock their own phones as a way to gain access and take over victims? phones.

McAfee recently reported that as mobile malware continues to grow, Android-targeted malware is a significant part of the problem.

Bootkits, malware that replaces or bypasses system startup, also threatens mobile devices. Rooting one?s own phone or ebook reader opens the device to extra features or to replacing the operating system but this can also allow attackers to load their own modified OS.

Final Take
Chantal Tode is associate editor on Mobile Marketer, New York