McAfee Labs Report Reveals New Mobile App Collusion Threats
Intel Security announced today its McAfee Labs Threat Report, June 2016, which reveals the dynamics of mobile app collusion; wherein cybercriminals leverage two or more apps to mastermind attacks on smartphone owners.
McAfee Labs has taken a closer look at such behavior across 5,056 versions of 21 apps designed to provide useful user services such as mobile video streaming, health monitoring, and travel planning.
However, the failure of users to regularly implement essential software updates to these 21 mobile apps raises the chances of older versions being commandeered for malicious activity.
McAfee Labs has pointed out three types of threats that can result from mobile app collusion:
- Information theft: An app with access to sensitive or confidential information willingly or unwillingly collaborates with one or more other apps to send information outside the boundaries of the device
- Financial theft: An app sends information to another app that can execute financial transactions or make financial API calls to achieve similar objectives
- Service misuse: One app controls a system service and receives information or commands from one or more other apps to orchestrate a variety of malicious activities.
To coordinate mobile app collusion, an individual needs at least one app with permission to access the restricted information or service, one app without permission but with access outside the device, and the capability to communicate with each other.
“Improved detection drives greater efforts at deception,” said Vincent Weafer, vice president of Intel Security’s McAfee Labs group. “It should not come as a surprise that adversaries have responded to mobile security efforts with new threats that attempt to hide in plain sight. Our goal is to make it increasingly harder for malicious apps to gain a foothold on our personal devices, developing smarter tools and techniques to detect colluding mobile apps.”
For a more detailed look at the report conducted by McAfee Labs, click here.