McAfee warns of NFC malware risk

McAfee sounds alarm over NFC malware problems.

McAfee has warned that Near Field Communications (NFC) could allow mobile devices to become infected by touching other phones infected with malware.

The IT security firm said the technology has made smart devices, such as smartphones and tablets, more attractive to cybercriminals.

As a result, the company said it expects to see criminals abuse the tap-and-pay NFC technology used in mobile payment programs or "digital wallets" in "bump and infect" scams that use worms to propagate through proximity.

The distribution path can quickly spread malware through a group of people on a passenger-loaded train or at an amusement park, for example. When the newly-infected device is used to "tap and pay" for the next purchase, the scammer collects the details of the wallet account and secretly reuses these credentials to steal from the wallet.

Worm malware like this will spread by exploiting vulnerabilities on devices, warned McAfee, and could be used to "monetise the 11.8 per cent of malware families that already contain exploit behaviours."

The company cited figures from research firm IDC that show smart devices are surpassing PCs as the preferred way to access the internet. The number of people using PCs to go online will shrink by 15 million over the next four years, while mobile users are expected to increase by 91 million, according to IDC.

Luis Blando, vice president of mobile product development at McAfee, said, despite elevated consumer awareness of threats on mobile platforms, there is still a significant knowledge gap surrounding how and when devices become infected and the level of potential damage.

"Cybercriminals are exhibiting greater levels of determination and sophistication leading to more destructive, multi-faceted hacks that are harder to spot, and thus warrant a greater degree of security and vigilance," said Blando.

McAfee also warned that criminals are increasingly looking at ways to generate revenue from mobile devices.

During 2012, about 16 per cent of malware families detected by McAfee attempted to get devices to subscribe to premium SMS messages, and the company predicts we will see an increase in threats that will result in users only finding out they have bought premium apps when they check their bills.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
McAfee Total Protection review: Quick, effective and affordable
antivirus

McAfee Total Protection review: Quick, effective and affordable

23 Aug 2021
McAfee’s zero trust solution strengthens private applications’ security
cyber security

McAfee’s zero trust solution strengthens private applications’ security

3 Aug 2021
New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
What is cyber warfare?
Security

What is cyber warfare?

15 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021