According to researchers at McAfee, hackers are trying to profit off people who want to learn where to get their COVID vaccine. The creator of some of the world’s best antivirus software has recently published its Mobile Threat Report for 2021, documenting all malware targeted at mobile devices. In it, McAfee noted it has managed to catch over 12 million instances of COVID-19-related malware, of which more than 90% were trojans. Other bad actors include billing hijackers that emptied users’ credit cards by signing them up for premium services and banking trojans spread through mobile text messaging.
The security company has also launched a website through which visitors can monitor the worldwide growth of COVID-19-related malware. It’s updated daily and, right now, shows that the United States, Spain, and South Africa are on top of the list of the affected countries. Previously, India suffered a major mobile-malware crisis when a scam message on WhatsApp urged users to download a supposedly vaccine-related app, only to spread itself further to the people on the victim’s contact list.
Cybersecurity experts are unified in their estimate of the threat: “Smartphones and tablets don’t have the same security tools and protections as traditional endpoints like desktops and laptops. It’s harder to spot a phishing attack on mobile than it is on a desktop. Since mobile devices have smaller screens and a simplified user experience, people are less inclined to verify the sender’s real email address or identity. Being phished through social media or SMS on the same device you use for work could compromise your work data just as much as your personal data. Many phishing-related mobile malware spread through SMS or other messaging platforms, spamming the contact lists of infected devices. This results in widely spread campaigns that are more likely to succeed as the source of the phishing link is an acquaintance or friend,” said Burak Agca, an engineer at San Francisco security company Lookout. Agca added that one in three mobile users were exposed to phishing attempts in 2020, highlighting the risk of these attacks on both Android and iOS devices.