Where your apps talk to each other, cybercriminals lurk: McAfee report
By Digital News Asia June 29, 2016
- Mobile OSes allow apps to communicate with each other across sandbox boundaries
- Mac malware spiked in Q1, primarily due to an increase in VSearch adware
CYBERCRIMINALS are increasingly using what is called ‘mobile app collusion,’ in which they use communications between apps to manipulate two or more apps into orchestrating attacks on smartphone owners, according to Intel Security.
The company said in a statement that its recently released McAfee Labs Threats Report: June 2016 observed such behaviour across more than 5,056 versions of 21 apps designed to provide useful user services such as mobile video streaming, health monitoring, and travel planning.
The failure of users to regularly implement essential software updates to these 21 mobile apps raises the possibility that older versions could be commandeered for malicious activity, it added.
Widely considered a theoretical threat for many years, colluding mobile apps carry out harmful activity together by leveraging interapp communication capabilities common to mobile operating systems, the McAfee Labs report said.
These operating systems incorporate many techniques to isolate apps in sandboxes, restrict their capabilities, and control which permissions they have at a fairly granular level.
Unfortunately, mobile platforms also include fully documented ways for apps to communicate with each other across sandbox boundaries. Working together, colluding apps can leverage these interapp communication capabilities for malicious purposes.
McAfee Labs has identified three types of threats that can result from mobile app collusion:
- Information theft: An app with access to sensitive or confidential information willingly or unwillingly collaborates with one or more other apps to send information outside the boundaries of the device;
- Financial theft: An app sends information to another app that can execute financial transactions or make financial API (application programming interface) calls to achieve similar objectives; and
- Service misuse: One app controls a system service and receives information or commands from one or more other apps to orchestrate a variety of malicious activities.
Mobile app collusion requires at least one app with permission to access the restricted information or service, one app without that permission but with access outside the device, and the capability to communicate with each other, according to the McAfee Labs report.
Either app could be collaborating on purpose or unintentionally due to accidental data leakage or inclusion of a malicious library or software development kit.
Such apps may use a shared space (files readable by all) to exchange information about granted privileges and to determine which one is optimally positioned to serve as an entry point for remote commands.
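The three conditions described above can be checked mechanically over an inventory of installed apps. The sketch below is an added example, not code from the McAfee Labs report; the Android-style permission names, app names and channel identifiers are constructed assumptions.

```python
from dataclasses import dataclass
from itertools import permutations

# Assumption: Android-style permission names stand in for the report's
# "restricted information or service" and "access outside the device".
SENSITIVE = {"READ_CONTACTS", "ACCESS_FINE_LOCATION", "READ_SMS"}
NETWORK = "INTERNET"

@dataclass(frozen=True)
class App:
    name: str
    permissions: frozenset
    writes: frozenset = frozenset()  # channels the app can send on (shared files, broadcasts)
    reads: frozenset = frozenset()   # channels the app can receive from

def collusion_candidates(apps):
    """Flag ordered (source, sink) pairs that satisfy all three conditions."""
    findings = []
    for src, dst in permutations(apps, 2):
        # 1. Source holds a restricted permission that the sink lacks.
        gained = (src.permissions & SENSITIVE) - dst.permissions
        # 2. Sink has access outside the device.
        if not gained or NETWORK not in dst.permissions:
            continue
        # 3. A communication channel runs from source to sink.
        shared = src.writes & dst.reads
        if shared:
            findings.append((src.name, dst.name, sorted(gained), sorted(shared)))
    return findings

# Constructed inventory for illustration only.
SHARED_FILE = "/sdcard/shared/cache.dat"  # world-readable file (hypothetical path)
INVENTORY = [
    App("fitness_tracker", frozenset({"ACCESS_FINE_LOCATION"}),
        writes=frozenset({SHARED_FILE})),
    App("video_player", frozenset({NETWORK}), reads=frozenset({SHARED_FILE})),
    # Holds a sensitive permission, but nobody reads its channel.
    App("notes", frozenset({"READ_CONTACTS"}),
        writes=frozenset({"broadcast:com.example.SYNC"})),
    # Already holds the location permission itself, so it gains nothing.
    App("weather", frozenset({NETWORK, "ACCESS_FINE_LOCATION"}),
        reads=frozenset({SHARED_FILE})),
]

if __name__ == "__main__":
    for src, dst, perms, channels in collusion_candidates(INVENTORY):
        print(f"{src} -> {dst}: exposes {perms} via {channels}")
```

A flagged pair is a candidate for review, not proof of malice: as the report notes, either app may be participating unintentionally through data leakage or an embedded library.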
“Improved detection drives greater efforts at deception,” said Vincent Weafer, vice president of Intel Security’s McAfee Labs group.
“It should not come as a surprise that adversaries have responded to mobile security efforts with new threats that attempt to hide in plain sight,” he added.
The McAfee Labs report discusses forward-looking research to create tools, initially used by threat researchers manually but eventually to be automated, to detect colluding mobile apps. Once identified, colluding apps may be blocked using mobile security technology.
The report suggests a variety of user approaches to minimise mobile app collusion, including downloading mobile apps only from trusted sources, avoiding apps with embedded advertising, not ‘jailbreaking’ mobile devices, and most importantly, always keeping operating system and app software up-to-date.
For online safety tips on how consumers can protect themselves from the threats mentioned in this report, visit the Consumer Safety Tips Blog.
Q1 2016 threat statistics
- Ransomware: New ransomware samples rose 24% this quarter due to the continued entry of relatively low-skilled criminals into the ransomware cybercrime community. This trend is the result of widespread adoption of exploit kits to deploy the malware.
- Mobile: New mobile malware samples grew 17% quarter over quarter in Q1 2016. Total mobile malware samples grew 23% quarter over quarter and 113% over the last four quarters.
- Mac OS malware: Mac OS malware grew quickly in Q1, primarily due to an increase in VSearch adware. While the absolute number of Mac OS samples is still low, the total number of samples has increased 68% quarter over quarter and 559% over the last four quarters.
- Macro malware: Macro malware continues on the growth trajectory begun in 2015 with a 42% quarter over quarter increase in new macro malware samples. The new breed of macro malware continues to attack corporate networks primarily through sophisticated spam campaigns that leverage information gathered through social engineering to appear legitimate.
- Gamut botnet: The Gamut botnet became the most productive spam botnet in Q1, increasing its volume nearly 50%. Prevalent spam campaigns offer get-rich-quick schemes and knockoff pharmaceutical supplies. Kelihos, the most prolific spamming botnet during Q4 2015 and a widespread malware distributor, slipped to fourth place.