Security firm McAfee India has warned that the year ahead of lockdowns and ever more time spent online will see a spike in phishing and misinformation attacks.
The latest report by McAfee India, an American cybersecurity company, reveals how hackers are capitalizing on the pandemic and targeting consumers with bogus apps and text messages designed to trick them into downloading malicious software.
This year, criminals have been targeting vaccine registration programs and distributing billing fraud malware. India and Chile have received the majority of attacks. Attackers have also been using banking Trojans to steal money from financial institutions around the world.
According to the study, over 90% of all pandemic-related malware were Trojans. McAfee researchers in particular mentioned an SMS worm targeting Indian consumers in what was one of the earliest vaccine fraud campaigns. The attackers’ SMS and WhatsApp messages pushed users to download a vaccine app. Once downloaded, the malware was sent to everyone in their contact list.
Researchers also described Etinu, a new type of mobile malware that was discovered earlier this year. It was able to infect users in Southwest Asia and the Middle East through Google Play. Once installed, the malware steals the incoming SMS messages via a notification Listener function and also can make purchases and sign up victims to premium services.
“As people increasingly spend more time online owing to the pandemic and staying connected on their mobile devices, hackers are cashing in to target unsuspecting consumers. With the dramatic increase in threats and cyber criminals exploiting mobile devices, our ongoing effort is to ensure that we protect what is of paramount importance to consumers – their personal data,” said Venkat Krishnapur, Vice President (Engineering) and Managing Director, McAfee Enterprise, India.
The rapid expansion of the global vaccination program has widened the attack area for cybercriminals. According to McAfee Advanced Threat, hackers are hiding malicious links inside fakes vaccination appointments and registrations ads.
These are capable of downloading malware that displays ads and gives the hacker full control over the device.
“We’ve seen how the pandemic not only led to an increased dependence on mobile devices but how it has prompted bad actors into developing new ways of tricking consumers and stealing their personal data. As well as these advanced forms of malware and deceit, we’ve seen that hackers are also returning to billing scams, but using new tricks,” said Raj Samani, McAfee Fellow, and Chief Scientist.