Intel Security flags up 'new attack method'

'Mobile app collusion' can lead to information theft, financial theft or service misuse, latest McAfee Labs Threat Report warns

Intel Security has highlighted mobile app collusion as an "emerging new attack method" in its latest McAfee Labs Threat Report, which also flagged up a 24 per cent quarterly rise in new ransomware.

Eight pages of the report were given over to the new trend, which sees cybercriminals manipulate two or more apps to orchestrate attacks on smartphone owners (see the bottom of this story for Intel Security's full definition).

McAfee Labs has discovered app collusion in more than 5,000 mobile app installation packages, Intel Security said.

Viewed independently, the apps appear benign, Intel Security explained. But when they run on the same mobile device and share information, they may be malicious, it warned, adding that the attack method can lead to information theft, financial theft or service misuse.

Intel Security said mobile app collusion has been "widely considered a theoretical threat for many years". But now it said it has identified such behaviour across more than 5,056 versions of 21 apps designed to provide useful user services such as mobile video streaming, health monitoring and travel planning.

"Improved detection drives greater efforts at deception," said Vincent Weafer, vice president of Intel Security's McAfee Labs group. "It should not come as a surprise that adversaries have responded to mobile security efforts with new threats that attempt to hide in plain sight. Our goal is to make it increasingly harder for malicious apps to gain a foothold on our personal devices, developing smarter tools and techniques to detect colluding mobile apps."

New ransomware samples, meanwhile, rose 24 per cent between Q4 and Q1, due to the continued entry of relatively low-skilled criminals into the ransomware cybercrime community, the report found. This trend is the result of widespread adoption of exploit kits to deploy the malware, Intel Security said.

A trio of ransomware attacks on hospitals - one of which paid a $17,000 ransom - is in line with the prediction McAfee Labs made in November that attackers will begin to focus on industry sectors that will quickly pay ransoms to restore their critical operations, Intel Security noted.

New mobile malware samples grew 17 per cent quarter on quarter in Q1, with Mac OS malware samples rising 68 per cent quarter on quarter and 559 per cent year on year, the report found.

Intel Security also used the report to bemoan the "dearth of truly effective models and alliances for sharing intelligence" in the security sector.

On this front, the vendor said it is "helping lead" the recently formed Information Sharing and Analysis Organisation (ISAO), which is funded by the US Department of Homeland Security. Its work this year "should lead to the formation of more consistent sharing alliances", it said.

Mobile app collusion, as defined by Intel Security

"Widely considered a theoretical threat for many years, colluding mobile apps carry out harmful activity together by leveraging inter-app communication capabilities common to mobile operating systems. These operating systems incorporate many techniques to isolate apps in sandboxes, restrict their capabilities, and control which permissions they have at a fairly granular level. Unfortunately, mobile platforms also include fully documented ways for apps to communicate with each other across sandbox boundaries. Working together, colluding apps can leverage these interapp communication capabilities for malicious purposes."