McAfee Labs Reveals New Threats Lurking Through Applications

According to the “McAfee Labs Threats Report: June 2016,” a new threat should concern users: using different smartphone applications to orchestrate an attack for the owner.

Intel’s report this behaviour noted in more than 5,056 versions. Applications range from video transmission, control health and travel planning.

The origin of this manipulation of apps to direct an attack (which in some cases requires only two applications) may be related to not regularly updated versions thereof, are left exposed to hackers.

Thus, their operating systems isolate sandboxes applications, while restricting their capacities and controlled at a level which permits enjoy. The problem is that mobile platforms also enable applications to communicate with each other through isolated environments. The result is already known: exposure of private or confidential information, financial transactions or unwanted control of a mobile service.

For this “intercom” between mobile applications takes place, it is necessary that at least one of the applications involved in the process to have permission to access the restricted information or services that an application without this permission with access to the outside the device and have the ability to communicate with each other; they can use a shared space (accessible and understandable for all files) to exchange information about privileges granted and determine which is optimally located to serve as an entry point to remote commands.

As the report explains, there are several steps that users can take to minimize the effects of these illegitimate connections: must download applications only from trusted sources, avoid applications with integrated advertising, not to eliminate restrictions software or “jailbreaking” on mobile devices, and most importantly, maintaining and constantly updating the operating system and applications.

McAfee Labs has identified 3 types of threats that can be generated from the collision of mobile applications:

1. Information Theft: when an application access to sensitive or confidential information inadvertently or aware of it, collaborates with one or more other applications to send information out of the boundaries of the device.

2. Financial Fraud: refers to when an application sends information to another that can execute financial transactions or conduct financial API calls to achieve similar goals.

3. Misuse of service: in this case, an application controls a system service and receives information or commands from one or more applications to orchestrate various malicious activities.

Vincent Weafer, group VP of Intel Labs McAfee Security said: “The improvement in the detection promotes greater efforts to deceive,” also said, “It is not surprising that opponents have responded to the efforts of mobile security with new threats to try to hide in plain sight. Our goal is to make it increasingly difficult malicious applications take over our personal devices, developing tools to detect and smarter mobile applications in collusion techniques”.

The report also documents this quarter the return of Trojan W32 / Pinkslipbot (also known as Qakbot, Akbot, Qbot). This backdoor Trojan worm-like capabilities initially launched in 2007 and quickly gained a reputation as a family of very harmful malware and high impact, capable of stealing bank cards, email passwords and digital certificates.

Add Comment