Anti-virus software vendor, McAfee says that it has found that under the camouflage of “free” apps, criminals are able to get consumers to agree to invasive permissions that allow scammers to deploy malware.
The permissions in free apps, funded by adware, leak personal information which ad networks use to serve targeted ads; however, McAfee found that 26 percent of apps are likely more than just adware. SMS scams and rooting exploits were among the most popular types of threats seen across a variety of apps.
“Most consumers don’t understand or even worry about the app permissions they agree to,” said Luis Blando, vice president of mobile product development at McAfee. “Because of that, cybercriminals are increasingly abusing app permissions as an efficient way to deliver mobile malware. Through these agreements mobile consumers are unwittingly putting their personal information into the hands of criminals disguised as ad networks, and opening up endless doors for scammers.”
The report examined Fake Installer, a piece of SMS malware disguised within a free app that sends up to seven messages. At a typical premium rate of $4 USD per message, that “free” app can cost up to $28 USD as the malware tells a consumer’s device to send messages to or receive messages from a premium rate SMS number.
Of the top 20 downloads of malware-infected apps, games won the popularity contest, followed by personalization and a tie between tools, music, lifestyle (a cover category for adult content) and TV.