
McAfee Labs Report Reveals New Mobile App Collusion Threats


Delayed software updates enable cybercriminals to exploit mobile apps; Pinkslipbot Trojan returns with new capabilities

NEWS HIGHLIGHTS

LONDON, UK. Intel Security today released its McAfee Labs Threats Report: June 2016, which explains the dynamics of mobile app collusion, where cybercriminals manipulate two or more apps to orchestrate attacks on smartphone owners. McAfee Labs has observed such behaviour across more than 5,056 versions of 21 apps designed to provide useful user services such as mobile video streaming, health monitoring, and travel planning. Unfortunately, the failure of users to regularly implement essential software updates to these 21 mobile apps raises the possibility that older versions could be commandeered for malicious activity.

Widely considered a theoretical threat for many years, colluding mobile apps carry out harmful activity together by leveraging interapp communication capabilities common to mobile operating systems. These operating systems incorporate many techniques to isolate apps in sandboxes, restrict their capabilities, and control which permissions they have at a fairly granular level. Unfortunately, mobile platforms also include fully documented ways for apps to communicate with each other across sandbox boundaries. Working together, colluding apps can leverage these interapp communication capabilities for malicious purposes.

McAfee Labs has identified three types of threats that can result from mobile app collusion:

Mobile app collusion requires at least one app with permission to access the restricted information or service, one app without that permission but with access outside the device, and the capability to communicate with each other. Either app could be collaborating on purpose or unintentionally due to accidental data leakage or inclusion of a malicious library or software development kit. Such apps may use a shared space (files readable by all) to exchange information about granted privileges and to determine which one is optimally positioned to serve as an entry point for remote commands.
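The three preconditions described above can be audited statically from app metadata. The following is an added example, not code from the McAfee Labs report or its tooling; it generalises from pairs to chains of apps. The package names, channel labels, and the choice of which Android-style permissions count as sensitive are assumptions made for illustration.

```python
from collections import deque

# Android-style permission names; which ones count as sensitive is an assumption.
SENSITIVE = {"READ_CONTACTS", "ACCESS_FINE_LOCATION", "READ_SMS"}
EXTERNAL = {"INTERNET"}

# Constructed inventory: package names and channel labels are hypothetical.
APPS = {
    "com.example.tracker": {"perms": {"ACCESS_FINE_LOCATION"}, "reads": set(),
                            "writes": {"file:/sdcard/shared/state.json"}},
    "com.example.widget": {"perms": set(),
                           "reads": {"file:/sdcard/shared/state.json"},
                           "writes": {"broadcast:com.example.SYNC"}},
    "com.example.video": {"perms": {"INTERNET"}, "writes": set(),
                          "reads": {"broadcast:com.example.SYNC"}},
    "com.example.ads": {"perms": {"INTERNET"}, "writes": set(),
                        "reads": {"file:/sdcard/shared/state.json"}},
    "com.example.travel": {"perms": {"INTERNET", "ACCESS_FINE_LOCATION"},
                           "writes": set(),
                           "reads": {"file:/sdcard/shared/state.json"}},
}

def channel_graph(apps):
    """Directed edge a -> b when b reads a channel that a writes."""
    return {a: sorted(b for b in apps
                      if b != a and apps[a]["writes"] & apps[b]["reads"])
            for a in apps}

def collusion_paths(apps):
    """Return (permission, [source, ..., sink]) for each shortest chain by which
    data behind a sensitive permission can reach an app that lacks the
    permission but has access outside the device."""
    graph, findings = channel_graph(apps), []
    for src in sorted(apps):
        for perm in sorted(apps[src]["perms"] & SENSITIVE):
            seen, queue = {src}, deque([[src]])
            while queue:
                path = queue.popleft()
                for nxt in graph[path[-1]]:
                    if nxt in seen:
                        continue
                    seen.add(nxt)
                    held = apps[nxt]["perms"]
                    if perm not in held and held & EXTERNAL:
                        findings.append((perm, path + [nxt]))
                    queue.append(path + [nxt])
    return findings

if __name__ == "__main__":
    for perm, path in collusion_paths(APPS):
        print(f"{perm}: {' -> '.join(path)}")
```

A finding marks a possible data path that warrants review, not proof of intent, since the same pattern arises from accidental leakage or a shared third-party library.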

“Improved detection drives greater efforts at deception,” said Vincent Weafer, vice president of Intel Security’s McAfee Labs group. “It should not come as a surprise that adversaries have responded to mobile security efforts with new threats that attempt to hide in plain sight. Our goal is to make it increasingly harder for malicious apps to gain a foothold on our personal devices, developing smarter tools and techniques to detect colluding mobile apps.”

The McAfee Labs report discusses forward-looking research to create tools, initially used by threat researchers manually but eventually to be automated, to detect colluding mobile apps. Once identified, colluding apps may be blocked using mobile security technology. The report suggests a variety of user approaches to minimise mobile app collusion, including downloading mobile apps only from trusted sources, avoiding apps with embedded advertising, not “jailbreaking” mobile devices, and most importantly, always keeping operating system and app software up-to-date.

This quarter’s report also documents the return of the W32/Pinkslipbot Trojan (also known as Qakbot, Akbot, QBot). This backdoor Trojan with worm-like abilities initially launched in 2007 and quickly earned a reputation for being a damaging, high-impact malware family capable of stealing banking credentials, email passwords, and digital certificates. The Pinkslipbot malware re-emerged in late 2015 with improved features such as anti-analysis and multi-layered encryption abilities to thwart malware researchers’ efforts to dissect and reverse engineer it. The report also provides details about the Trojan’s self-update and data exfiltration mechanisms, and McAfee Labs’ effort to monitor Pinkslipbot infections and credential theft in real time.

Finally, McAfee Labs assesses the state of mainstream hashing functions, and urges organisations to keep their systems up to date with the latest, strongest hashing standards.

Q1 2016 Threat statistics
