McAfee: Mobile Applications Collaborating to Spread Malware
Mobile app collusion — when two or more apps share data with or without the knowledge or permission of the user — is opening doors to viruses when one application doesn’t have the same level of security as the other, said the quarterly report from McAfee Labs, the threat research division of Intel Security.
Hackers continue to experiment with different ways to bust into mobile devices, said Vincent Weafer, a security researcher at McAfee Labs. “Mobile technology is far more complicated to defend because there’s no one system capable of being locked down and controlled.”
Hackers are increasingly using the collaboration between apps to spread malware, the report said. For example, syncing contacts to LinkedIn or using a restaurant app to make a reservation and saving it directly to a calendar can bypass traditional privacy restrictions. Once that connection is made, spyware can insert itself into a mobile device and begin to extract information. If a mobile device is synced with a desktop, the malware can spread to it as well.
“There’s a reason people want to share between mobile apps — the concept is a really good thing,” Weafer said. “But the misuse of technology is where that backfires. As long as we have notification and consent from the application, it’s a positive thing.”
When applications download information from personal devices without user notification is when the problems arise. Administrators need to understand the process of this malicious software and think beyond individual applications if they want to secure their systems, according to Weafer.
“We rely on the fact that mobile applications are mostly harmless,” Weafer said. “The next step to secure our information is deciding what information we allow and don’t allow downloaded apps to have.”
McAfee Labs discovered app collusion in more than 5,000 installation packages representing 21 mobile apps through Android’s marketplace running undetected, according to the report.
Protecting against this type of app-to-app communication can be difficult because many security products don’t realize the applications are colluding. Intel Security recently joined together with researchers from several British universities to develop tools that can detect colluding mobile apps. The goal is to reduce detection time to ensure privacy protection, according to the report.
Meanwhile, Pinkslipbot, a piece of malware that is popular with hackers, has made a comeback, the report said. The virus has been around since 2007 and is well maintained because of its ability to constantly update, making it hard to develop software that keeps up with its rapid evolvement.
“The techniques, strategies and tools that hackers are using are very dynamic,” Weafer said. “The volume, speed and severity of attacks have increased. Virulent, well maintained tools and techniques are proving relentless.”
The report cited an increase in attacks across Microsoft and Mac OS platforms, but Weafer said the increase is minimal.
“Although it is a record setting year for malware attacks on Mac systems, it’s still a relatively tiny amount,” Weafer said. “The vast majority of malware remains Windows-based.”
According to the report, McAfee Global Threat Intelligence received an average of 49.9 billion queries per day. Every hour, more than 4.3 million attempts were made via email and browser searchers to entice McAfee customers into connecting to risky URLs.
“Ransomeware and crimeware are the top two topics of the report,” Weafer said. “Everyone wants to protect their personal data, we just have to explore deeper into how hackers identify individuals and their specific technological environment.”