SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
McAfee report: Mobile collusion app attacks on the rise, W32/Pinkslipbot Trojan back
Wed, 15th Jun 2016

McAfee released its latest McAfee Labs Threats Report: June 2016 yesterday, and its research shows that mobile app collusion and the W32/Pinkslipbot Trojan are the biggest cyber threats lurking.

Mobile data app collusion is one of the biggest threats. In this technique, attackers modify and manipulate two or more apps to extract user data, send SMS messages, stealth-load apps, steal financial information, abuse a service and steal user information, including location data.

The report says that McAfee Labs has witnessed collusion in more than 5000 versions of 21 separate apps in areas such as video streaming, health monitoring and travel planning. McAfee believes that users who fail to update apps are putting themselves at risk while attackers target older versions.

Mobile app collusion needs one app with restricted information permissions, another with the same permissions and with access outside the mobile device, and both need the ability to send information to each other. This allows accidental or intentional collaboration through backdoors such as malicious libraries and software development kits.

“Improved detection drives greater efforts at deception. It should not come as a surprise that adversaries have responded to mobile security efforts with new threats that attempt to hide in plain sight. Our goal is to make it increasingly harder for malicious apps to gain a foothold on our personal devices, developing smarter tools and techniques to detect colluding mobile apps,” says Vincent Weafer, vice president of Intel Security's McAfee Labs group.

The report also shows that the W32/Pinkslipbot Trojan, also known as Qakbot, Akbot and Qbot, is back after its initial appearance in 2007. The new trojan reappeared in 2015 with extra features such as anti-analysis, multilayered encryption and data exfiltration to stop researchers from reverse engineering it.

The malware is a high-impact and damaging trojan, with the ability to steal bank details, email passwords and digital certificates.

The report analyses mainstream hashing functions and concludes that businesses should keep their IT systems up to date with the latest and strongest hashing standards.

Other statistics from the report, Q1 2016

  • New types of ransomware have increased 24% quarter-over-quarter in Q1 2016, due to new low-skilled entrants into the ransomware community and the use of widely shared exploit kits
  • New mobile malware samples have increased 17% quarter-over-quarter in Q1 2016, and 113% over the last four quarters
  • Mac malware spiked in Q1 2016, driven by the increase in VSearch adware, showing that Macs are slowly starting to become victims of malware attacks. The number has increased 559% over the last four quarters.
  • Macro malware has seen 42% quarter-on-quarter growth from 2015 and continues to attack businesses through social engineering and spam campaigns
  • The Gamut spam botnet increased its volume by 50% in Q1 2016, using get-rich-quick schemes and pharmaceutical ads to spam web attacks.
  • The McAfee Labs report recommends using mobile security to detect and block mobile collusion threats. Users can also avoid apps with embedded ads, download apps from trusted sources, keep software up to date and avoid jailbreaking their devices.