Cybercriminals use mobile app collusion tactics to steal data; McAfee Labs

Cybercriminals can manipulate two or more apps to control a smartphone

McAfee has identified three types of threats: information theft, financial theft and service misuse (Getty Images)
By Aasha Bodhani. Published June 15, 2016

Intel Security has released its "McAfee Labs Threats Report: June 2016", which explains how cybercriminals are deploying mobile app collusion tactics to orchestrate attacks.

Mobile app collusion is when cybercriminals manipulate two or more apps to exfiltrate user data, inspect files, send fake SMS messages, load additional apps without user consent and send user location information to control servers.

McAfee Labs has observed such behaviour across more than 5,000 versions of 21 apps that have been specifically designed to provide useful user services, such as mobile video streaming, health monitoring and travel planning. However, the failure of users to regularly implement essential software updates to these 21 mobile apps raises the possibility that older versions could be commandeered for malicious activity.

Mobile app collusion requires at least one app with permission to access the restricted information or service, one app without that permission but with access outside the device, and the capability to communicate with each other. Either app could be collaborating on purpose or unintentionally due to accidental data leakage or inclusion of a malicious library or software development kit. Such apps may use a shared space (files readable by all) to exchange information about granted privileges and to determine which one is optimally positioned to serve as an entry point for remote commands.
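The three conditions above can be checked over an inventory of installed apps. The following Python is an added example, not code from the McAfee Labs report: the package names, the shared file path and the `APPS` inventory are constructed, and the list of sensitive permissions is an assumed subset of real Android permission names.

```python
from itertools import permutations

# Permissions guarding restricted data or services (assumed subset).
SENSITIVE = {
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
}
INTERNET = "android.permission.INTERNET"

# Constructed inventory: package -> declared permissions and the shared
# channels (for example world-readable files) the app is seen to use.
APPS = {
    "com.example.tracker": {
        "perms": {"android.permission.ACCESS_FINE_LOCATION"},
        "channels": {"file:/sdcard/.cache/state.bin"},
    },
    "com.example.video": {
        "perms": {INTERNET},
        "channels": {"file:/sdcard/.cache/state.bin"},
    },
    "com.example.notes": {
        "perms": {INTERNET, "android.permission.READ_CONTACTS"},
        "channels": set(),
    },
}

def collusion_candidates(apps):
    """Return (holder, relay, perms, channels) for each ordered pair that meets
    all three conditions: holder has a sensitive permission, relay lacks it but
    can reach the network, and both use at least one common channel."""
    findings = []
    for holder, relay in permutations(sorted(apps), 2):
        a, b = apps[holder], apps[relay]
        exposed = (a["perms"] & SENSITIVE) - b["perms"]
        shared = a["channels"] & b["channels"]
        if exposed and INTERNET in b["perms"] and shared:
            findings.append((holder, relay, sorted(exposed), sorted(shared)))
    return findings

if __name__ == "__main__":
    for holder, relay, perms, chans in collusion_candidates(APPS):
        print(f"{holder} -> {relay}: {perms} via {chans}")
```

A match is only a candidate for review: the pair has the means to collude, which is also true of apps that leak data unintentionally through a shared library or SDK.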

McAfee has identified three types of threats. Information theft is when an app with access to sensitive or confidential information willingly or unwillingly collaborates with one or more apps to send information outside the boundaries of the device. Financial theft is when an app sends information to another app that can execute financial transactions or make financial API calls. Service misuse is when one app controls a system service and receives information or commands from one or more apps to orchestrate a variety of malicious activities.

"Improved detection drives greater efforts at deception," said Raj Samani, VP & CTO, EMEA, Intel Security. "It should not come as a surprise that adversaries have responded to mobile security efforts with new threats that attempt to hide in plain sight. Our goal is to make it increasingly harder for malicious apps to gain a foothold on our personal devices, developing smarter tools and techniques to detect colluding mobile apps." 

The report also documents the return of the W32/Pinkslipbot Trojan, also known as Qakbot, Akbot and QBot. This backdoor Trojan with worm-like abilities initially launched in 2007 and quickly earned a reputation for being a damaging, high-impact malware family capable of stealing banking credentials, email passwords, and digital certificates.

The Pinkslipbot malware re-emerged in late 2015 with improved features such as anti-analysis and multi-layered encryption abilities to thwart malware researchers' efforts to dissect and reverse engineer it.
