February 25, 2019 (updated 11 Jul 2022 7:54am)

Mobile Malware on the Rise, Warns McAfee

"Establishing the tunnel and keeping it open are currently the only included functions in TimpDoor"

By CBR Staff Writer

Smartphone malware development is rising sharply, threat researchers at McAfee have warned, saying the decision by Epic Games to distribute Fortnite outside of Google Play has helped normalise the granting of permissions to applications outside of typically trusted environments.

The cybersecurity company pointed in particular to surging detections of mobile backdoor threats like TimpDoor – malware now twice as prevalent as its closest competitor – along with a sharp spike in the number of “fake” apps it noted towards the end of 2018, including trojans.

With the extensive permissions typically sought by – and granted to – “legitimate” apps (i.e. the ability to install new software, track location, read and write to USB/SD storage) a growing concern, the findings may be the least of a CISO's priorities, but the growth is significant.


Earlier versions of the TimpDoor malware use an HTTP proxy to forward web traffic, while the newer version uses a SOCKS proxy that can reroute any network traffic, McAfee’s researchers noted.

“Establishing the tunnel and keeping it open are currently the only included functions in TimpDoor. The evolving but still basic functionality implies that this attack is still under development. Since cybercriminals are mostly interested in money, the most likely additions to this attack are ad click fraud, distributed denial of service attacks, and sending spam and phishing emails. As they evolve, we expect attacks like this to become stealthier and increasingly targeted at specific devices, companies, or demographics.”

They added: “The shift away from Google Play as the distribution mechanism is also a significant concern.”

“Tricking users into installing fake apps to listen to fake voice messages is a novel approach. Leveraging popular websites and a convincing social-engineering attack to trick users into enabling unknown sources removes the need for root exploits to gain access to the device.”
