Intel Security has released its McAfee Labs Threat Report for June. It reveals the existence of an “emerging new attack method” that was considered theoretical for many years: app collusion.
The practice involves a cyberattacker commanding two or more apps on the same mobile device to work together so they can carry out malicious activities. One example is that of a banking app with limited permissions collaborating – willingly or unwillingly - with other apps so they can send information outside of the device.
Mobile app collusion requires at least one app with permission to access the restricted information or service, one app without that permission but with access outside the device, and the capability to communicate with each other. Either app could be collaborating on purpose or unintentionally due to accidental data leakage or inclusion of a malicious library or software development kit. Such apps may use a shared space (files readable by all) to exchange information about granted privileges and to determine which one is optimally positioned to serve as an entry point for remote commands.
McAffe Labs says it has observed app collusion across more than 5000 versions of 21 apps. It didn’t name any of the programs, but they are older versions of apps designed for mobile video streaming, health monitoring, and holiday planning. The report warned that the attack method can lead to information theft, financial theft or service misuse.
“Improved detection drives greater efforts at deception,” said Vincent Weafer, vice president of Intel Security’s McAfee Labs group. "It should not come as a surprise that adversaries have responded to mobile security efforts with new threats that attempt to hide in plain sight. Our goal is to make it increasingly harder for malicious apps to gain a foothold on our personal devices, developing smarter tools and techniques to detect colluding mobile apps."
Away from app collusion, the report showed that new ransomware samples grew 24 percent in Q1 2016, due to an increase in the number of low-skilled criminals in the cyberware community and the widespread adoption of exploit kits.
Additionally, new mobile malware samples rose 17 percent in the first quarter of 2016, and, while the total number of Mac OS samples is still low, it increased 68 percent quarter-over-quarter and 559 percent over the last four quarters.