Security Pad, cyber security, IT

While the convenience of banking apps can’t be denied, the mobile technology has the potential to be a huge security risk in 2016, according to a new report.

According to the November 2015 Threats Report released Tuesday by Intel Security’s McAfee Labs division, mobile banking apps, along with macro and fileless malware were revealed to be key security threats in the third quarter of this year.

The researchers at McAfee Labs noted poor coding practices for mobile app cloud security, including the failure to follow back-end service provider guidance, can lead to the exposure of user data in the cloud. Mobile banking apps are specifically targeted in this instance, report findings revealed.

By way of a thorough analysis of approximately 300,000 mobile apps, McAfee Labs researchers were able to find two mobile Trojans — Android/OpFake and Android/Marry — that exploited back-end coding to silently install malicious code into thousands of mobile banking accounts.

The report also discovered advances in platform capabilities and threat development innovation have led to the rise of new variations of fileless malware specifically designed to avoid traditional threat detection — attacks that appear to be taking the place of rootkit attacks. The study details how this stealthy breed of fileless malware deletes all traces of its infection from the file system; new fileless malware, such as Kovter, Powelike, and XswKit, have all been designed to exploit operating system platform services to gain registry access while leaving no artifacts on disk.

The report findings also revealed:

  • Macro malware is on the rise, climbing from less than 10,000 new attacks in the third quarter of 2015 to almost 45,000 this past quarter, something not seen since 2009.
  • The total number of mobile malware samples grew 16 per cent from second quarter to third quarter of this year; the total number of mobile malware samples jumped 81 per cent during the past year.
  • McAfee Labs researchers captured 74,471 samples of fileless attacks in the first three quarters of 2015 — meaning that fileless malware such as rootkits should be a key priority for IT managers to investigate in the coming year.

McAfee Labs vice-president Vincent Weafer said the third quarter findings highlight the importance of security best practices and the need for constant innovation to stay a step ahead of the threat technology curve. “Ongoing user education is imperative to counter attackers’ tactics such as social engineering,” said Weafer in a blog post.