Mobile Tax Apps Tax User Security

Tax season is almost always unanimously linked with unhappiness. Piles of crumpled receipts, coffee stained forms, and wasted weekends spent itemizing every purchase are just some of the unpleasant activities that are associated with this time of the year. Like many previously arduous tasks, mobile technology has made life a lot easier for many people, including those doing their own taxes. Companies like TurboTax and TaxSlayer created mobile apps with the intention of helping customers submit receipts, check on refunds, and much more.

But, you know what they say about good intentions…

The reality certainly rings true when it comes to using mobile apps for sensitive financial and personal activities. Oftentimes, usability and visually appealing interfaces are prioritized far above security precautions. In April, a Hewlett-Packard (HP) audit revealed that more than 90% of popular mobile tax and finance apps contained at least one potential security violation.

The flaws discovered by HP ranged from irksome to down right alarming, including accessing contacts, tracking a user’s location, storing sensitive data unencrypted, insecurely transmitting data, and unsafe cookie practices. In addition, many of these apps use data encryption methods that are known to have weaknesses—and you can guarantee that if the security industry knows about them, so do the hackers.

One of the biggest concerns with using mobile apps to store and perform sensitive financial activities is the potential connection to third-party storage. Users today often take the ability to share data seamlessly between mobile and desktop accounts for granted, but these features are normally made possible through cloud services. Checking the status of your tax refund on your mobile device is great, but accessing that information via digital pathways can also create many extra chances for someone to get ahold of Social Security and credit card numbers.

Like so many app safety issues we have covered before, consumers need to be aware of the app security limitations when it comes to storing financial and personal data. It is crucial to always review what information an app will have access to when downloading anything new, and once installed, users should also periodically check what data those apps are using.

Whether you are sending risky photos to a significant other through a chat app or checking your bank account, mobile app promises of security need to be taken with a grain of salt. This HP audit reveals again that in reality, the responsibility of user safety lies with the consumer instead of the companies that create the app.

In order to help keep personal information out of the wrong hands, it is important to be discerning about what gets stored on mobile phones and tablets—no matter how convenient or pretty the app. Additionally, extra security precautions like PIN codes and mobile security apps like McAfee Mobile Security for iOS and Android can go a long way towards keeping prying eyes out.

To keep up with the latest security threats, make sure to follow @McAfeeConsumer on Twitter and like us on Facebook.


The post Mobile Tax Apps Tax User Security appeared first on McAfee Blogs.

Beware of the Risks of Online Gaming and Fantasy Football

August may mean the last days of summer vacation and start of back to school for some, but for die hard NFL fans it also means the return of football (American football that is). And for many this also means the start of their fantasy football league.

And though these fantasy teams are not real, the money and numbers behind them are real. The Fantasy Sports Trade Association (FSTA) reported that approximately $1.67 billion was spent on fantasy football in 2012 and in 2013, there were approximately 25.8 million fantasy football players in the United States. It’s one of the fastest growing industries in the United States and is projected to grow at an average annual rate of 7.6%. A quick Google search of “fantasy football” generates 397,000,000 results.

And why is this important? Because hackers are aware of these numbers and like anything else, they go where the numbers are. With fantasy footballers searching online looking for in-depth information on their players, you could be exposing yourself to risk. Participating in a fantasy football leagues and cyber gambling are two of the biggest attractors of cybercrime.

So as you’re getting ready to “get in the game,” make sure you’re aware of the risks:

Viruses and worms. These can take the form of attachments with emails or instant messaging. If you open an attachment, download something or install software that’s malicious, you’re in for a nasty surprise.

Malware. Malicious software can be installed simply by visiting an infected site. Crooks may use social engineering to lure you into visiting a website that then downloads malware and installs it on your computer or mobile device. Or searching for information on that cornerback that you think is going to be your “sleeper” could lead you to malicious sites as well.

Social interaction. This now comes with many online games (e.g., chat rooms, instant messaging), but it also comes with a heightened risk of infiltration by criminals. Thieves will find vulnerable spots amid all the workings of an online gaming community and get ahold of your personal information—which can lead to identity theft as well as maxing out your credit card. Gee, they can even pose as family members and trick you into sending them money or revealing private information.

So, what can you do?

  • Use caution when opening attachments or downloading files: If you receive an attachment in an email or instant message…think very carefully and hard before you open that attachment. If it seems to be from a familiar person, first contact that person (don’t hit “reply” to do this; do it separately) to verify that the individual sent you an attachment.
  • Keep things up to date: Make sure you keep your browser and operating system as well as any mobile apps, are up to date so you’re protected from any known security holes. And consider using browser protection, like McAfee® SiteAdvisor®, that protects you from going to risky sites.
  • Monitor app permissions frequently: Even good apps can go bad, which is why it’s important to monitor what and how much they have access to. Check app permissions to make sure they can’t get a hold of more information than they need. McAfee® Mobile Security for Android not only reviews permissions of downloaded apps, but also provides you with an app reputation report, based on a proprietary algorithm that takes into account the app category as well as the developer’s reputation.
  • Use long, strong passwords: Make sure your passwords use mix of upper and lower case letters, numbers and symbols and it at least 14 characters in length. Never use sequential characters on a keyboard or words that can be found in a dictionary. No matter how many passwords you need, each one should be different. For helping building strong passwords that are memorable, go to
  • Back up your data: Make sure to back up all of your data, and never wait too long in between making new backups.
  • Use comprehensive security software: A comprehensive security suite like McAfee LiveSafe™ service can detect and delete malware that finds its way onto your computer. It also comes with a password manager to help you remember all of your logins and browser protection to keep you from going to risky sites.

With the growth in mobile and social, fantasy football could become larger than the football industry itself, which will continue to attract the hackers, so make sure you stay abreast of the latest information to stay safe online!


RobertSicilianoRobert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

The post Beware of the Risks of Online Gaming and Fantasy Football appeared first on McAfee Blogs.

Adobe Flash Player Installer Scams Reappear on Google Play

Adobe Flash Player has been a boon to Android malware creators for a long time. These developers have taken advantage of Flash’s popularity to create premium SMS Trojans and droppers, as well as other types of malware. McAfee Labs has detected a common scam app–Android/Fladstep.B–on the Google Play store since the end of 2013. The malware tricks users into paying money via PayPal to install Flash Player. The malware is removed from the store every time it appears, but we have found that the same attacks are again on Google Play.



Examples of Flash Player installer scam apps on Google Play store.


Multiple apps claiming to be installers of Flash Player have been published by several app developer accounts since the end of June. The malware is short lived, but the total download count of those apps amounts to more than 50,000, according to Google Play statistics. These apps were quickly removed, but they reappear soon with different names and developer accounts.



A Flash Player installer scam app that has been just published.


When launched, this scam app simply opens a web page that requests users to pay a €5 fee via PayPal to install Flash Player. The web page is hosted on a server located in Turkey in some apps and the United States in other apps. If the user pays the fee with the PayPal account, the web page shows a download link to Flash Player that is the legitimate URL of Adobe’s download site.



The malicious web page requesting users to pay with PayPal for Flash Player installation.



PayPal payment screen.


In short, victims are tricked into paying money for a free download. The scammer might claim that the installer app provides an “added value” to automatically detect the version of the Flash Player appropriate to the user’s Android OS version, but this version identification is easy to do by checking Adobe’s download site.



The download link shown after payment points to the real Adobe download site.



The Flash Player downloaded from the Adobe’s site.


Another sin of this scam app is that the app’s description page on Google Play shows some screen images including one that implies the user can get both Flash Player and its “tutorial.” However, no tutorial is supplied, even to users who pay; they get exactly the same package as everyone else.



The screen shot on Google Play that promises a tutorial.


Last, paying with PayPal gives the user’s name and email address to the app developer, who can easily collect and abuse the personal information of these victims. Those who are careless enough to be scammed even once can easily be targeted in future scams.

Flash Player will continue to benefit malware authors due to its popularity. And this type of scam will continue because criminals can easily and directly get money from their victims using popular online payment services. Users should be very careful about the sellers of products when using online payments, for example, by checking that the name and contact information of the company or seller is explicitly displayed and that the product is really what they want to buy.

McAfee Mobile Security detects these Android scam apps as variants of Android/Fladstep, and also blocks browser access to websites hosting this scam.

The post Adobe Flash Player Installer Scams Reappear on Google Play appeared first on McAfee Blogs.

European Spammers Set Their Sights on Android Devices

These days, thanks to advances in technology and an overwhelming amount of options, many of us choose to order items online in favor of walking into a brick and mortar store to make a purchase. Unfortunately, malware has caught onto this and is exploiting the trend on both mobile and desktop environments.

Email spam messages that pose as tracking notifications from shipping companies such as DHL, Express, FedEx, or UPS have become one of the most common methods for distributing this kind of malware. Most recently, criminals utilized these tactics in two cases in Europe.

The first mobile spam campaign specifically targeted German users via text messages. In this case, a text message containing a fake DHL tracking notification was sent to Android users that when downloaded and installed, distributed malware. For a more in-depth look at how this malware operates, read this recent McAfee Labs™ post.

The second one, in Poland, was a more traditional spam campaign involving email. This method targeted users by sending them an email, allegedly from a bank, alerting them that malware had been detected on their mobile device. The offending email contained an attachment claiming to be from a well-known security company designed to detect mobile malware. Unfortunately, this attached app was in fact the malware itself, and when downloaded, it distributed a new variant of an Android remote access tool (RAT). The McAfee Labs team discovered this particular threat.

In both of these cases, if successful, the malware was released onto the unlucky victims’ smartphone and was able to remotely execute the following commands:

  • Leak sensitive device information such as contact list, phone number, device model, call logs, browser history and more.
  • Send messages using data (phone number and text) provided by the remote server.
  • Interfere with incoming messages.

These text and email spam campaigns are becoming an increasingly popular way to distribute Android malware, steal personal information, or even gain complete control over a mobile device.

McAfee® Mobile Security, free for Android and iOS, detects both of these threats and others like it. The Android version alerts users if a threat is present and protects them from any potential data loss. iOS users can get backup and recovery for contacts, photo and video protection, as well as location tracker.

To keep up with the latest security threats, make sure to follow @McAfeeConsumer on Twitter and like us on Facebook.


The post European Spammers Set Their Sights on Android Devices appeared first on McAfee Blogs.

Chinese Worm Infects Thousands of Android Phones

Last weekend, it was reported in China that an SMS worm was wildly spreading among Android mobile phones, with more than 500,000 devices infected. The malware spread by sending SMS texts to a phone’s contacts with a message body such as:


SMS message to spread

This malware is much more than just a worm. It is actually a worm plus a Trojan. The Trojan component resides in another install package in the original one.

Once the malware is installed, it checks whether the Trojan is installed. If not, it ask the user to install it.

Install the "Torjan" component

After installing, the malware sends a text message to a control server phone number, which we believe belongs to the author of this malware, to let him know that a new victim is infected.

Reports "installed" to malware author

The installation then asks the user to input his or her ID and name, which will also be posted to the control number.

User's Identity and name leaking

The Trojan monitors incoming SMS messages, forwards all incoming SMS messages to the control number, and executes the following commands:

  • readmessage: Reads all SMS messages, and send them to the malware author’s mail address
  • sendmessage: Sends messages to the number in the message body
  • test: Sends a test message to the malware author
  • makemessage: Makes a fake message, and inserts it into the inbox
  • sendlink: Sends the user’s contact list to the malware author’s email address

With the user’s identity card number, real name, and SMS messages, the malware author is one step closer to stealing the user’s bank account information, hijacking an online trade, or even transferring money. In China, some banks allow customers to access their accounts with an identity card number and password.

User's information sent via mail

We have seen two versions of this sample. The payloads are almost the same, except that the first one has no payload for spreading, no worm function. It appears the author wanted to infect more devices by adding the worm.

McAfee Mobile Security detects both of these threats as Android/XShenqi.A.

According to reports, the author of this malware is a college student who created this malware just to prove he can do something. Seems like a curious way to impress people.


The post Chinese Worm Infects Thousands of Android Phones appeared first on McAfee Blogs.