GEC NEWS WIREIntel Security released its McAfee Labs Threats Report: June 2016, which explains the dynamics of mobile app collusion, where cybercriminals manipulate two or more apps to orchestrate attacks capable of exfiltrating user data, inspecting files, sending fake SMS messages, loading additional apps without user consent, and sending user location information to control servers. McAfee Labs has observed such behavior across more than 5,000 versions of 21 apps designed to provide useful user services such as mobile video streaming, health monitoring, and travel planning.
The McAfee Labs report discusses forward-looking research to create tools, initially used by threat researchers manually but eventually to be automated, to detect colluding mobile apps. Once identified, colluding apps may be blocked using mobile security technology. The report suggests a variety of user approaches to minimize mobile app collusion, including downloading mobile apps only from trusted sources, avoiding apps with embedded advertising, not “jailbreaking” mobile devices, and most importantly, always keeping operating system and app software up-to-date.
McAfee Labs has identified three types of threats that can result from mobile app collusion: Information theft; Financial theft; Service misuse. Raj Samani, VP & CTO, EMEA, Intel Security said, “It should not come as a surprise that adversaries have responded to mobile security efforts with new threats that attempt to hide in plain sight. Our goal is to make it increasingly harder for malicious apps to gain a foothold on our personal devices, developing smarter tools and techniques to detect colluding mobile apps.”
