Security Experts:

Connect with us

Hi, what are you looking for?


Mobile & Wireless

Mobile Malware Leveraging Trusted App and Service Vulnerabilities: McAfee

Cybercriminals are increasingly abusing flaws in trusted mobile apps and services in an effort to distribute malware, McAfee Labs revealed in a threat report published on Tuesday.

Cybercriminals are increasingly abusing flaws in trusted mobile apps and services in an effort to distribute malware, McAfee Labs revealed in a threat report published on Tuesday.

McAfee’s report provides three examples of malicious applications exploiting features and vulnerabilities in legitimate apps and services. The first example details how an app offered on Google Play automatically downloaded, installed, and launched other apps without a user’s permission. The application in question, detected as Android/BadInst.A, helped the attackers make a profit through a pay-to-download scheme, but it could have been used just as easily to download malware.

A different threat, a Trojan detected as Android/Waller.A, was found exploiting a security hole in the Visa QIWI Wallet digital wallet service to steal money from victims. The final example provided by McAfee is a piece of malware (Android/Balloonpopper.A) designed to exploit an encryption weakness in WhatsApp to intercept users’ conversations and photos.

Cybercriminals are also leveraging the popularity of various mobile applications to achieve their goals. McAfee analyzed 300 clones of the Flappy Bird game and found that close to 80% of them contained malware. The rogue apps have been designed to make calls, track geolocation, harvest contact information, and send and receive SMS messages without the user’s permission.                                                             

According to McAfee, the total number of mobile malware samples increased by 167% between Q1 2013 and Q1 2014. In the first quarter of 2014, over 750,000 new unique samples were detected by the company.

“We tend to trust the names we know on the internet and risk compromising our safety if it means gaining what we most desire,” noted Vincent Weafer, senior vice president for McAfee Labs.

“The year 2014 has already given us ample evidence that mobile malware developers are playing on these inclinations, to manipulate the familiar, legitimate features in the mobile apps and services we recognize and trust. Developers must become more vigilant with the controls they build into these apps, and users must be more mindful of what permissions they grant.”

The complete McAfee Labs Threats Report: June 2014 is available online.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.


GoAnywhere MFT users warned about a zero-day remote code injection exploit that can be targeted directly from the internet