Smartphones
put
the
proverbial
world
in
the
palm
of
your
hand—you
pay
with
it,
play
with
it,
keep
in
touch
with
it,
and
even
run
parts
of
your
home
with
it.
No
wonder
hackers
and
scammers
have
made
smartphones
a
target.
A
prime
one.
Each
year,
our
Consumer
Mobile
Threat
Report
uncovers
trends
in
mobile
threats,
which
detail
tricks
that
hackers
and
scammers
have
turned
to,
along
with
ways
you
can
protect
yourself
from
them.
For
2023,
the
big
trend
is
apps.
Malicious
apps,
more
specifically.
Malicious
and
fake
apps
Malicious
apps
often
masquerade
as
games,
office
utilities,
and
communication
tools.
Yet
now
with
the
advent
of
a
ChatGPT
AI
chatbot
and
the
DALL-E
2
AI
image
generator,
yet
more
AI-related
malicious
apps
have
cropped
up
to
cash
in
on
the
buzz.
And
money
is
what
it’s
all
about.
Hackers
and
scammers
generally
want
your
money,
or
they
want
your
data
and
personal
info
that
they
can
turn
into
money.
Creating
fraudulent
ads,
stealing
user
credentials,
or
skimming
personal
information
are
some
of
the
most
common
swindles
that
these
apps
try.
Much
of
this
can
happen
in
the
background,
often
without
victims
knowing
it.
How
do
these
apps
end
up
on
people’s
phones?
Sometimes
they’re
downloaded
from
third-party
app
stores,
which
may
not
have
a
rigorous
review
process
in
place
to
spot
malicious
apps—or
the
third-party
store
may
be
a
front
for
distributing
malware-laden
apps.
They
also
find
their
way
into
legitimate
app
stores,
like
Apple’s
App
Store
and
Google
Play.
While
these
stores
indeed
have
review
processes
in
place
to
weed
out
malicious
apps,
hackers
and
scammers
have
found
workarounds.
Sometimes
they
upload
an
app
that’s
initially
clean
and
then
push
the
malware
to
users
as
part
of
an
update.
Other
times,
they
embed
the
malicious
code
so
that
it
only
triggers
once
it’s
run
in
certain
countries.
They
will
also
encrypt
bad
code
in
the
app
that
they
submit,
which
can
make
it
difficult
for
stores
to
sniff
out.
In
all,
our
report
cites
several
primary
ways
how
hackers
and
scammers
are
turning
to
apps
today:
-
Sliding
into
your
DMs:
6.2%
of
threats
that
McAfee
identified
on
Google
during
2022
were
in
the
communication
category,
mainly
malware
masqueraded
as
SMS
and
messaging
apps.
But
even
legitimate
communication
apps
can
create
an
opportunity
for
scammers.
They
will
use
fraudulent
messages
to
trick
consumers
into
clicking
on
a
malicious
link,
trying
to
get
them
to
share
login
credentials,
account
numbers,
or
personal
information.
While
these
messages
sometimes
contain
spelling
or
grammar
errors
or
use
odd
phrasing,
the
emergence
of
AI
tools
like
ChatGPT
can
help
scammers
clean
up
their
spelling
and
grammar
mistakes,
making
it
tougher
to
spot
scam
messages
by
mistakes
in
the
content.
The
severity
of
these
Communication
threats
is
also
evident
in
the
volume
of
adults
(66%)
who
have
been
messaged
by
a
stranger
on
social
media,
with
55%
asked
to
transfer
money. -
Taking
advantage
of
Bring
Your
Own
Device
policies:
23%
of
threats
that
McAfee
identified
were
in
the
app
category
of
tools.
Work-related
apps
for
mobile
devices
are
great
productivity
boosters—categories
like
PDF
editors,
VPNs,
messaging
managers,
document
scanners,
battery
boosters,
and
memory
cleaners.
These
types
of
apps
are
targeted
for
malware
because
people
expect
the
app
to
require
permissions
on
their
phone.
Scammers
will
set
up
the
app
to
ask
for
permissions
to
storage,
messaging,
calendars,
contacts,
location,
and
even
system
settings,
which
scammers
to
retrieve
all
sorts
of
work-related
information. -
Targeting
teens
and
tween
gamers
with
phones:
9%
of
threats
that
McAfee
identified
were
casual,
arcade,
and
action
games.
Malicious
apps
often
target
things
that
children
and
teens
like,
such
as
gaming,
making
videos,
and
managing
social
media.
The
most
common
types
of
threats
detected
within
the
gaming
category
in
2022
were
aggressive
adware—apps
that
display
excessive
advertisements
while
using
the
app
and
even
when
you’re
not
using
it.
It’s
important
to
make
sure
that
kids’
phones
are
either
restricted
from
downloading
new
apps,
or
that
they’re
informed
and
capable
of
questioning
suspicious
apps
and
identifying
fraudulent
ones.
How
you
can
avoid
downloading
malicious
and
fake
apps
For
starters,
stick
with
legitimate
apps
stores
like
Google
Play
and
Apple’s
App
Store,
which
have
measures
in
place
to
review
and
vet
apps
to
help
ensure
that
they
are
safe
and
secure.
And
for
the
malicious
apps
that
sneak
past
these
processes,
Google
and
Apple
are
quick
to
remove
malicious
apps
once
discovered,
making
their
stores
that
much
safer.
1)
Review
with
a
critical
eye.
As
with
so
many
attacks,
hackers
rely
on
people
clicking
links
or
tapping
“download”
without
a
second
thought.
Before
you
download,
take
time
to
do
some
quick
research.
That
may
uncover
some
signs
that
the
app
is
malicious.
Check
out
the
developer—have
they
published
several
other
apps
with
many
downloads
and
good
reviews?
A
legit
app
typically
has
quite
a
few
reviews,
whereas
malicious
apps
may
have
only
a
handful
of
(phony)
five-star
reviews.
Lastly,
look
for
typos
and
poor
grammar
in
both
the
app
description
and
screenshots.
They
could
be
a
sign
that
a
hacker
slapped
the
app
together
and
quickly
deployed
it.
2)
Go
with
a
strong
recommendation.
Yet
better
than
combing
through
user
reviews
yourself
is
getting
a
recommendation
from
a
trusted
source,
like
a
well-known
publication
or
from
app
store
editors
themselves.
In
this
case,
much
of
the
vetting
work
has
been
done
for
you
by
an
established
reviewer.
A
quick
online
search
like
“best
fitness
apps”
or
“best
apps
for
travelers”
should
turn
up
articles
from
legitimate
sites
that
can
suggest
good
options
and
describe
them
in
detail
before
you
download.
3)
Keep
an
eye
on
app
permissions.
Another
way
hackers
weasel
their
way
into
your
device
is
by
getting
permissions
to
access
things
like
your
location,
contacts,
and
photos—and
they’ll
use
sketchy
apps
to
do
it.
So,
check
and
see
what
permissions
the
app
is
requesting.
If
it’s
asking
for
way
more
than
you
bargained
for,
like
a
simple
game
wanting
access
to
your
camera
or
microphone,
it
may
be
a
scam.
Delete
the
app
and
find
a
legitimate
one
that
doesn’t
ask
for
invasive
permissions
like
that.
If
you’re
curious
about
permissions
for
apps
that
are
already
on
your
phone,
iPhone
users
can
learn
how
to
allow
or
revoke
app
permission
here,
and
Android
can
do
the
same
here.
4)
Protect
your
smartphone
with
security
software.
With
all
that
we
do
on
our
phones,
it’s
important
to
get
security
software
installed
on
them,
just
like
we
install
it
on
our
computers
and
laptops.
Whether
you
go
with
comprehensive
online
protection
software
that
secures
all
your
devices
or
pick
up
an
app
in
Google
Play
or
Apple’s
App
Store,
you’ll
have
malware,
web,
and
device
security
that’ll
help
you
stay
safe
on
your
phone.
5)
Update
your
phone’s
operating
system.
Together
with
installing
security
software,
keeping
your
phone’s
operating
system
up
to
date
can
help
to
keep
you
protected
from
most
malware. Updates
can
fix
vulnerabilities
that
hackers
rely
on
to
pull
off
their
malware-based
attacks—it’s
another
tried
and
true
method
of
keeping
yourself
safe
and
your
phone
running
great
too.
Protecting
yourself
while
using
apps
Who
can
you
trust?
As
for
scammers
who
use
legitimate
communications
apps
to
lure
in
their
victims,
McAfee’s
Mobile
Research
team
recommends
the
following:
-
Be
suspicious
of
unsolicited
emails,
texts,
or
direct
messages
and
think
twice
before
you
click
on
any
links. -
Ensure
that
your
mobile
device
is
protected
with
security
solutions
that
includes
features
to
monitor
and
block
potentially
malicious
links,
such
as
the
web
protection
found
in
our
own
online
protection
software. -
Remember
that
most
of
these
scams
work
because
the
scammer
creates
a
false
sense
of
urgency
or
preys
on
a
heightened
emotional
state.
Pause
before
you
rush
to
interact
with
any
message
that
is
threatening
or
urgent,
especially
if
it
is
from
an
unknown
or
unlikely
sender. -
If
it’s
too
good
to
be
true,
it
probably
is.
Whether
it’s
a
phony
job
offer,
a
low
price
on
an
item
that’s
usually
expensive,
a
stranger
promising
romance,
or
winnings
from
a
lottery
you
never
entered,
scammers
will
weave
all
kinds
of
stories
to
steal
your
money
and
your
personal
information.
Get
the
full
story
with
our
Consumer
Mobile
Threat
Report
The
complete
report
uncovers
yet
more
mobile
trends,
such
as
the
top
mobile
malware
groups
McAfee
identified
in
2022,
predictions
for
the
year
ahead,
ways
you
can
keep
your
children
safer
on
their
phones,
and
ways
you
can
keep
yourself
safer
when
you
use
your
phone
for
yourself
and
for
work.
The
full
report
is
free,
and
you
can
download
it
here.