McAfee made the revelation in its annual mobile threat report, which details the threat landscape, providing information on the most prominent malware and types of malicious apps in 2022. McAfee said powerful AI tools allow cybercriminals to build credible-looking fake apps and carry out scams. For example, criminals are using ChatGPT to eliminate spelling mistakes and other errors that usually indicate a phishing SMS/email. “With the introduction of ChatGPT, the authors of those phishing emails no longer have to worry about correct grammar and spelling, ChatGPT can easily write a grammatically correct email for you,” the report states. “Bad actors need only to enter a message, translate and wait for the program to create a message.”
Expect Increase in Misinformation and Deepfakes, Says McAfee
McAfee’s report highlights misinformation and deepfakes as a threat that could rise significantly in 2023. Misinformation and deepfakes are a top concern for governments and the cybersecurity community. Cybercriminals can now use tools like DALL-E 2 to create more convincing scams. For example, a malicious actor can use deep fake videos and audio of prominent public figures to create cryptocurrency scams and trick victims into handing over their money. Earlier this month, McAfee also warned about the use of ChatGPT and other deepfake tools in online dating scams. McAfee found malicious apps taking advantage of the hype around AI image generation. These trojanized apps, such as Pista, NewProfilePicture, and Cartoon Effect, claim to use AI to apply special visual effects. However, they are just repackaged image editors with basic filters, which contain malicious packages such as facestealers, adware, and fleeceware. Similarly, several ChatGPT impersonator apps flooded app stores shortly after OpenAI announced the chatbot at the end of 2022. Threat actors often use mobile applications to carry out scams. These apps may contain malware or force victims into getting a subscription that offers no benefit over free versions. Of all the malicious apps McAfee identified last year, 23 percent were disguised mobile productivity apps, over six percent as messaging apps, and nine percent as gaming apps. While malicious apps are usually spread through dodgy third-party stores, they sometimes get on Google’s Play Store and Apple’s App store. “Sometimes they upload an app that’s initially clean and then push the malware to users as part of an update. Other times, they embed the malicious code so that it only triggers once it’s run in certain countries. They will also encrypt bad code in the app that they submit, which can make it difficult for stores to sniff out,” McAfee revealed in a blog post.
McAfee’s Other Threat Predictions in 2023
McAfee said other mobile threats to look out for in 2023 include financial scams related to investments and fake loans. Scammers usually target susceptible and vulnerable victims with enticing offers and charge an upfront fee. “According to the FBI Internet Crime Complaint Center’s 2021 report, the losses for investment scams increased from $336,469,000 in 2020 to $1,455,943,193 in 2021. This shows that this type of scam is growing by an enormous amount, and we expect it to continue,” the report states. McAfee also warned about potential metaverse scams. While VR worlds such as Horizon are becoming more popular, they are still in their early stages. Malicious actors could take advantage of the lack of understanding of metaverse risks to exploit unsuspecting users. Interested in learning how to secure your smartphone from mobile threats? Check out our guide to smartphone privacy. Our article on mobile spyware also contains useful information on how to spot and remove malware from your device.