
McAfee report: Mobile collusion app attacks on the rise, W32/Pinkslipbot Trojan back

15 Jun 2016

McAfee released its latest McAfee Labs Threats Report: June 2016 yesterday, and its research shows that mobile app collusion and the W32/Pinkslipbot Trojan are the biggest cyber threats lurking.

Mobile app collusion is one of the biggest threats: attackers modify and manipulate two or more apps to extract user data, send SMS messages, stealthily load apps, steal financial information, abuse a service and steal user information, including location data.

The report says that McAfee Labs has witnessed collusion in more than 5000 versions of 21 separate apps in areas such as video streaming, health monitoring and travel planning. McAfee believes that users who fail to update apps are putting themselves at risk while attackers target older versions.

Mobile app collusion needs one app with restricted information permissions, another with the same permissions and with access outside the mobile device, and both need the ability to send information to each other. This allows accidental or intentional collaboration through backdoors such as malicious libraries and software development kits.

“Improved detection drives greater efforts at deception. It should not come as a surprise that adversaries have responded to mobile security efforts with new threats that attempt to hide in plain sight. Our goal is to make it increasingly harder for malicious apps to gain a foothold on our personal devices, developing smarter tools and techniques to detect colluding mobile apps,” says Vincent Weafer, vice president of Intel Security’s McAfee Labs group.

The report also shows that the W32/Pinkslipbot Trojan, also known as Qakbot, Akbot and Qbot, is back after its initial appearance in 2007. The trojan reappeared in 2015 with extra features such as anti-analysis, multilayered encryption and data exfiltration to stop researchers from reverse engineering it.

The malware is a high-impact and damaging trojan, with the ability to steal bank details, email passwords and digital certificates.

The report analyses mainstream hashing functions and concludes that businesses should keep their IT systems up to date with the latest and strongest hashing standards.

Other statistics from the report, Q1 2016

  • New types of ransomware have increased 24% quarter-over-quarter in Q1 2016, due to new low-skilled entrants into the ransomware community and the use of widely shared exploit kits
  • New mobile malware samples have increased 17% quarter-over-quarter in Q1 2016, and 113% over the last four quarters
  • Mac malware spiked in Q1 2016, driven by the increase in VSearch adware, showing that Macs are slowly starting to become victims of malware attacks. The number has increased 559% over the last four quarters.
  • Macro malware has seen 42% quarter-over-quarter growth from 2015 and continues to attack businesses through social engineering and spam campaigns
  • The Gamut spam botnet increased its volume by 50% in Q1 2016, using get-rich-quick schemes and pharmaceutical ads to spam web attacks.

The McAfee Labs report recommends using mobile security to detect and block mobile collusion threats. Users can also avoid apps with embedded ads, download apps from trusted sources, keep software up to date and avoid jailbreaking their devices.
