Skip to main content

Mobile apps a big risk to expose user data

As 2015 comes to a close, researchers at McAfee have released a quarterly report to show which types of malware have been the most dangerous and most persistent during the third quarter.

According to the security researcher's report, old threat types repackaged with new social engineering approaches, new fileless malware families that can evade traditional detection methods, and the exploitation of poor mobile app cloud security coding practices have been the biggest threats.

The McAfee Labs Threats Report: November 2015 (opens in new tab)(PDF) says malware strains are being designed to take advantage of poor mobile app coding connecting mobile apps to back-end service providers. "Two mobile banking Trojans were able to intercept over 170,000 SMS messages of more than 13,000 banking customers, stealing credit card numbers and executing fraudulent transactions,” it says.

The report also looks at how fileless malware (one to leave almost no traces on disc) is able to enter the IT system in the first place as this malware becomes increasingly difficult to detect and stop.

According to McAfee, macro malware is making a return, with a fourfold increase in macro detection being registered over the last year, reaching the category’s highest growth rate since 2009. This increase is a result of increasingly sophisticated spearphishing campaigns which fool enterprise users into opening malware-bearing email attachments.

“The third quarter of 2015 reminds us that we must always innovate to stay ahead of the threat technology curve, we must never neglect common sense solutions such as best practices to avoid coding blunders, and that ongoing user education is imperative to counter attackers’ tactics such as social engineering,” McAfee says in the blog post (opens in new tab) regarding the report.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.