Mobile apps a big risk to expose user data

As 2015 comes to a close, researchers at McAfee have released a quarterly report to show which types of malware have been the most dangerous and most persistent during the third quarter.

According to the security researcher's report, old threat types repackaged with new social engineering approaches, new fileless malware families that can evade traditional detection methods, and the exploitation of poor mobile app cloud security coding practices have been the biggest threats.

The McAfee Labs Threats Report: November 2015 (PDF) says malware strains are being designed to take advantage of poor mobile app coding connecting mobile apps to back-end service providers. "Two mobile banking Trojans were able to intercept over 170,000 SMS messages of more than 13,000 banking customers, stealing credit card numbers and executing fraudulent transactions,” it says.

The report also looks at how fileless malware (one to leave almost no traces on disc) is able to enter the IT system in the first place as this malware becomes increasingly difficult to detect and stop.

According to McAfee, macro malware is making a return, with a fourfold increase in macro detection being registered over the last year, reaching the category’s highest growth rate since 2009. This increase is a result of increasingly sophisticated spearphishing campaigns which fool enterprise users into opening malware-bearing email attachments.

“The third quarter of 2015 reminds us that we must always innovate to stay ahead of the threat technology curve, we must never neglect common sense solutions such as best practices to avoid coding blunders, and that ongoing user education is imperative to counter attackers’ tactics such as social engineering,” McAfee says in the blog post regarding the report.