Intel Security’s latest McAfee Labs Threats Report: February 2015 has revealed an assessment of the current mobile threat landscape and highlighted how the failure of mobile app developers to patch critical secure sockets layer (SSL) vulnerabilities has the potential to impact millions of mobile phone users globally.
In tests run in January 2015 by McAfee Labs on the 25 most popular apps on the Computer Emergency Response Team’s (CERT) September 2014 list of vulnerable mobile apps, 18 of the 25 were found to still be at risk – with McAfee Labs able to carry out Man-in-the-Middle (MITM) attacks to intercept data including confidential usernames, passwords and social media login credentials.
Intel Security APAC CTO, Sean Duca, said, “Given the choice between obtaining your credit card details or personal information, cybercriminals will always choose the latter. Whilst financial details can be easily changed, personal data is long lasting and often stored on our devices in various forms for years at a time.
"It’s alarming then that despite multiple warnings and so many recent high-profile security cases in the past year, so many app developers have failed to address highlighted security concerns which could affect millions of users.”
The report also revealed:
- McAfee Labs now detects 387 new samples of malware every minute – more than six samples per second.
- The Angler exploit kit has overtaken Blacole to become one of the most popular and powerful attack packages for cybercriminals.
- Mobile malware samples grew 14 per cent during Q4 2014. At least 8 per cent of all McAfee monitored mobile systems reported an infection during Q4, with much attributed to the AirPush ad network.
- Potentially Unwanted Programs (PUPs) were detected on 91 million systems each day in Q4.
- Ransomware has begun to grow once again after a four-quarter decline. New samples in Q4 grew 155 per cent.
- Signed malware up 17 per cent in Q4 after a brief drop in new malicious signed binaries.