Leave a comment

Mobile Apps Collude to Steal Data

Mobile Apps Collude to Steal Data
McAfee has identified a new type of malware that hides its parts in different apps to avoid detection.

(CCM) — iOS and Android mobile apps containing malicious code are colluding to steal confidential information, carry out fraudulent transactions, send fake SMS messages, and install more malicious applications, security company McAfee Labs has discovered. The individual apps only contain a segment of malicious code, and by themselves they are harmless. The danger comes when two or more of these apps are installed on the same device. When that happens they can collude by communicating with each other so that the malicious code segments can be united and activated.

The problem with this type of malware is that it is very hard to detect, because apps submitted to Apple's App Store or Google's Play store are scanned for malicious behaviour individually, not together. The scale of the problem is not yet clear, but McAfee Labs has already identified 5,000 versions of 21 consumer mobile apps that contain colluding code and that are capable of data exfiltration, file inspection, fake SMS message generation, and other malicious activities.

Photo: © Pelykh Konstantin – Shutterstock.com