McAfee released its latest McAfee Labs Threats Report: June 2016 report yesterday, and its research shows that mobile app collusion and the W32/Pinkslipbot Trojan are the biggest cyber threats lurking.
Mobile data app collusion is one of the biggest threats, in which attackers modify and manipulate two or more apps to extract user data, send sms messages, stealth load apps, steal financial information, abuse a service and steal user information - including location data.
The report says that McAfee Labs has witnessed collusion across more than 5000 versions across versions of 21 separate apps in areas such as video streaming, health monitoring and travel planning. McAfee believes that users who fail to update apps are putting themselves at risk while attackers target older versions.
Mobile app collusion needs one app with restricted information permissions, another with the same permissions and with access outside the mobile device, and both need the ability to send information to each other. This allows accidental or intentional collaboration through backdoors such as malicious libraries and software development kits.
“Improved detection drives greater efforts at deception. It should not come as a surprise that adversaries have responded to mobile security efforts with new threats that attempt to hide in plain sight. Our goal is to make it increasingly harder for malicious apps to gain a foothold on our personal devices, developing smarter tools and techniques to detect colluding mobile apps,” says Vincent Weafer, vice president of Intel Security’s McAfee Labs group.
The report also shows that the W32/Pinkslipbot Trojan, also known as Qakbok, Akbot and Qbot, is back after its initial appearance in 2007. The new trojan reappeared in 2015 with extra features such as anti-analysis, multilayered encryption and data exfiltration to stop researchers from reverse engineering it.
The malware is a high-impact and damaging trojan, with the ability to steal bank details, email passwords and digital certificates.
The report analyses mainstream hashing functions and concludes that businesses should keep their IT systems up to date with the latest and strongest hashing standards.
Other statistics from the report, Q1 2016
The McAfee Labs report recommends using mobile security to detect and block mobile collusion threats. Users can also avoid apps with embedded ads, download apps from trusted sources, keep software up to date and avoid jailbreaking their devices.