Partners in crime: investigating mobile app collusion
Mobile operating systems support multiple communication methods between apps running on mobile devices. Unfortunately, these handy interapp communication mechanisms also make it possible to carry out harmful actions in a collaborative fashion. Two or more mobile apps, viewed independently, may not appear to be malicious. However, together they could become harmful by exchanging information with one another. Multiapp threats such as these were considered theoretical for some years, but McAfee Labs recently observed colluding code embedded in multiple applications in the wild. In this Key Topic, we provide a concise definition of mobile app collusion, explain how mobile app collusion attacks are manifested, and how businesses can protect themselves from such attacks.
The state of cryptographic algorithms
Trust is an Internet cornerstone, built on the belief that messages and files freely exchanged on the Internet are authentic. Foundational to that are hashing functions that transform messages and files into a short set of bits. But what happens if cybercriminals break these hashing functions? In this Key Topic, we examine mainstream hashing functions and explain how they become more susceptible to cyberattacks as processor performance increases. We also show the volume of certificates still signed by outdated and weakened hashing functions, including certificates used in industrial and critical infrastructure applications. Finally, we make the case that businesses should actively migrate to stronger hashing functions.
Pinkslipbot: back from its slumber
After three years in hibernation, W32/Pinkslipbot (also known as Qakbot, Akbot, QBot) has re-emerged. This backdoor Trojan with wormlike abilities initially launched in 2007 and quickly earned a reputation for being a damaging, high-impact malware family capable of stealing banking credentials, email passwords, and signing certificates. Pinkslipbot infections dwindled in 2013 but made an aggressive return near the end of 2015. The malware now includes improved features including antianalysis and multilayered encryption abilities to prevent it from being reverse engineered by malware researchers. In this Key Topic, we document its history, evolution, recent updates, and the botnet infrastructure. We also provide details about its self-update and data exfiltration mechanism as well as McAfee Labs’ effort to monitor Pinkslipbot infections and credential theft in real time.