This blog post was written by Vincent Weafer.
I would be lost without my smartphone and its many convenient features. I look at my calendar and click to schedule an online meeting, inviting attendees from my contact list. I use my airline app to make sure my flight is on time and click to check the weather at my destination. I pick a restaurant using a handy restaurant-rating app, click to make a reservation, and have it automatically added to my calendar. And after dinner, I take photos and post them on the restaurant-rating app.
All of these activities require two or more mobile apps to communication with one another. I trust the apps I use, so I grant them permission to exchange information. But what if there are bad apples in the bushel of apps that I use? What if one of them appears benign when examined alone but actually acts in collusion with other apps to extract contact info, schedules, or photos, or even listens to that online meeting?
Mobile app collusion is the lead topic in our McAfee Labs Threats Report: June 2016, released today. McAfee Labs, in conjunction with several university researchers, has examined for a couple of years what has been a theoretical threat, working to develop efficient approaches to detect colluding mobile apps. We now have tools that our threat researchers can use manually to spot these malicious apps. We hope to automate that detection capability sometime in the future.
There was a coincidental twist to the mobile app collusion story. As we prepared this Threats Report key topic, our threat researchers discovered―in the wild―app collusion in more than 5,000 installation packages representing 21 mobile apps. We now know that this type of threat is no longer theoretical.
To learn more about how to protect against mobile app collusion, read our Solution Brief on Safeguarding Against Colluding Mobile Apps.
Also in this quarter’s Threats Report are two additional key topics:
- We examine mainstream hashing functions and explain how they become more susceptible to cyberattacks as processor performance increases. We also show the volume of certificates still signed by outdated and weakened hashing functions, including certificates used in industrial and critical infrastructure applications.
- We provide an in-depth look at Pinkslipbot, a malware family that has been systematically enhanced since 2007. This backdoor Trojan with wormlike abilities is a damaging, high-impact malware family capable of stealing banking credentials, email passwords, and signing certificates. Pinkslipbot infections dwindled in 2013 but made an aggressive return near the end of 2015. The malware now includes improved features including antianalysis and multilayered encryption abilities to prevent it from being reverse engineered by malware researchers.
Finally, we highlight significant threat activity and statistics.
- New ransomware samples rose 24% this quarter due to the continued entry of relatively low-skilled criminals into the ransomware cybercrime community. This trend is the result of widespread adoption of exploit kits to deploy the malware.
- New mobile malware samples grew 17% quarter over quarter in Q1 2016. Total mobile malware samples grew 23% quarter over quarter and 113% over the last four quarters.
- Mac OS malware. Mac OS malware grew quickly in Q1, primarily due to an increase in VSearch adware. Although the absolute number of Mac OS samples is still low, the total number of samples has increased 68% quarter over quarter and 559% over the last four quarters.
- Macro malware. Macro malware continues on the growth trajectory begun in 2015 with a 42% quarter over quarter increase in new macro malware samples. The new breed of macro malware continues to attack corporate networks primarily through sophisticated spam campaigns that leverage information gathered via social engineering to appear legitimate.
For more information on these key topics, or more threat landscape statistics for Q1 2016, click here.