Developers of malicious mobile apps are arguably some of the most creative people you’ll find — they have to be in order to keep finding ways to sneak their wares past the guardrails of app marketplaces like the Google Play Store and to trick unsuspecting users into downloading them. Meanwhile, a new report about the mobile app malware landscape points to a rising threat that’s among the most creative approaches of all — it’s less of a hassle to convince people your app is legit when you just straight up hide it from appearing on the phone at all, right?

McAfee’s new Mobile Threat Report 2020 found that hackers are using hidden mobile apps, along with third-party login and counterfeit gaming videos to target a growing number of consumers.

The security firm’s research shows how hackers have expanded their efforts from the backdoors and cryptocurrency mining that largely characterized their efforts to target consumers last year. The presence of hidden mobile apps on devices, in particular, makes it seem like 2020 might be regarded as the “year of the mobile sneak attack,” according to the new research. Hidden apps are, in fact, the most active such mobile threat facing consumers and were responsible for almost 50% of all malicious activity in 2019. That was up 30% over 2018.

“Hackers continue to target consumers through channels that they spend the most time on — their devices, as the average person globally is expected to own 15 connected devices by 2030,” the report notes. “Hidden apps take advantage of unsuspecting consumers in multiple ways, including taking advantage of consumers using third-party login services or serving unwanted ads.”

Having the app stay hidden is particularly malicious, in that the consumer doesn’t know it’s on their device and thus presumably doesn’t know how to stop it from draining resources and data from the device. However, that’s not all that’s going on. Among other trends the new report identifies:

Another strain of new malware to be aware of uses third-party sign-ons to cheat app ranking systems. Per the McAfee team, a new mobile malware called LeifAccess, also known as Shopper, “takes advantage of the accessibility features in Android to create accounts, download apps, and post reviews using names and emails configured on the victim’s device.” The researchers discovered apps based on LeifAccess being shared via social media, gaming platforms, and other channels, and fake warnings are used in order for the user to trigger the necessary accessibility services that enable the malware’s full range of perniciousness.

As if all that wasn’t enough, McAfee researchers also found that popular apps like Spotify and Call of Duty all have fake variations that try to trick unsuspecting consumers, especially younger users. The apps often look like the real deal and have icons that are almost the same as the real ones but exist to serve up unwanted ads and steal user data. Definitely another reminder to follow app download best practices, including by only downloading from known sources and paying closer attention to the apps you select.

Andy is a reporter in Memphis who also contributes to outlets like Fast Company and The Guardian. When he’s not writing about technology, he can be found hunched protectively over his burgeoning collection of vinyl, as well as nursing his Whovianism and bingeing on a variety of TV shows you probably don’t like.