McAfee says cybercriminals abuse app permissions to commit fraud and install malware.
Games are the most common form of malware-infected app.
Cyber criminals are able to get consumers to agree to invasive permissions that allow scammers to deploy malware.
The permissions in free apps, funded by adware, leak personal information which ad networks use to serve targeted ads; however, McAfee found that 26 percent of apps are likely more than just adware. SMS scams and rooting exploits were among the most popular types of threats seen across a variety of apps.
Mobile Security: McAfee Consumer Trends Report – June 2013 examines Fake Installer, a piece of SMS malware disguised within a free app that sends up to seven messages.
At a typical premium rate of $4 per message, that free app can cost up to $28 as the malware tells a consumer’s device to send messages to or receive messages from a premium rate SMS number.
The report analyzes FakeRun, malware that tricks users in the United States, India, and 64 other countries into giving an app a five-star rating on Google Play. Once an app developer has been rated highly, other apps they publish will be trusted, which creates more opportunities for a criminal to publish and distribute malware-carrying apps.
Of the top 20 downloads of malware-infected apps, games won the popularity contest, followed by personalization and a tie between tools, music, lifestyle (a cover category for adult content) and TV.
