Dark Reading is part of the Informa Tech Division of Informa PLC


Partner Perspectives  Connecting marketers to our tech communities.
6/14/2016
01:46 PM
Vincent Weafer

Mobile App Collusion, The State Of Hashing, And A Troublesome Trojan Returns

Highlights from the June 2016 McAfee Labs Threats Report.

Mobile malware continues its relentless growth, with infection rates steadily climbing over the past 12 months, approaching 10% of all reporting devices according to the June 2016 McAfee Labs Threats Report. Total Mac OS malware almost doubled during Q1 2016, but the total of almost 100,000 Mac OS malware samples is just a tiny fraction of the nearly 10 million total mobile malware samples or the 575 million total malware samples. Ransomware continues to grow fast as inexperienced attackers increasingly use off-the-shelf exploit kits to deploy it easily.

Mobile Collusion

In the mobile area, researchers from McAfee Labs uncovered mobile apps in the wild working together to exfiltrate mobile data. These colluding apps use interprocess messaging techniques that enable a high-privilege app to pass sensitive information to another app, which then sends the data to its control server in the cloud. Neither of the apps appears malicious when its code is examined individually by the app market or other security defenses. It is only when they are examined together that their malicious intent is revealed. Specific threat types identified include information theft, financial theft, and service misuse.
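The point that the apps only look malicious when examined together can be shown with a pairwise check over app metadata. This is an added example, not code from the McAfee report; the package names, intent actions, the choice of "sensitive" permissions, and the heuristic itself are assumptions made for illustration.

```python
from itertools import permutations

# Which permissions count as sensitive is an assumption of this example.
SENSITIVE = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.ACCESS_FINE_LOCATION",
}
INTERNET = "android.permission.INTERNET"

# Constructed sample data: hypothetical packages and intent actions.
APPS = [
    {"package": "com.example.flashlight",
     "permissions": {"android.permission.READ_CONTACTS"},
     "sends": {"com.example.action.SYNC"}, "receives": set()},
    {"package": "com.example.weather",
     "permissions": {INTERNET},
     "sends": set(), "receives": {"com.example.action.SYNC"}},
    {"package": "com.example.notes",
     "permissions": {INTERNET},
     "sends": {"com.example.action.SAVED"}, "receives": set()},
]

def flagged_alone(app):
    """Single-app view: sensitive data access and network access in one app."""
    return bool(app["permissions"] & SENSITIVE) and INTERNET in app["permissions"]

def colluding_pairs(apps):
    """Pair view: the source can read sensitive data the sink has no permission
    for, the sink has network access, and they share a messaging channel."""
    findings = []
    for src, dst in permutations(apps, 2):
        channels = src["sends"] & dst["receives"]
        leaked = (src["permissions"] & SENSITIVE) - dst["permissions"]
        if channels and leaked and INTERNET in dst["permissions"]:
            findings.append((src["package"], dst["package"],
                             sorted(leaked), sorted(channels)))
    return findings
```

On the sample data no app is flagged on its own, while the pair view reports the flashlight and weather apps as a candidate for joint review.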

Hashing Vs. Processor Performance

Increasing processor performance has enabled an incredible range of new applications and devices. Unfortunately, it also reduces the time and cost of attacking hashing functions, which are integral to maintaining trust on the internet. When a message or file is received, a “hash,” or summary of the contents, is verified to confirm that the message is authentic, has not been altered, and is from the sender. To make this work, it has to be expensive and time-consuming to produce the same hash from different messages or files. Processor performance has increased to a point where some older hashing functions are easily cracked. MD5, a hashing algorithm popular in the 1990s, had its viability questioned in 2006. Today, a duplicate hash value can be generated in less than one second. Researchers are now questioning the ongoing viability of the SHA-1 hashing function. It still takes months to duplicate a SHA-1 hash, but since it can take years to adopt a new hashing algorithm, it is time to begin the process now to replace digital certificates based on SHA-1.

Pinkslipbot Trojan Returns

First appearing in the wild in 2007, the Trojan Pinkslipbot went dormant for a couple of years but returned to its previous peak sample rate in Q1. This malware steals personal and financial data and can also take control of an infected system. Once inside, it can determine the location, organization, and individual account of the system, all valuable information. It also aggressively moves laterally through an organization, infecting additional systems. The group behind Pinkslipbot actively enhances the code to improve its effectiveness. It can now disable web reputation products, will shut down if a virtual machine or a debugger is detected, and can change folder permissions to defend itself against antimalware tools.

For more information on these topics, you can download the full McAfee report here.

Vincent Weafer is Senior Vice President of Intel Security, managing more than 350 researchers across 30 countries. He's also responsible for managing millions of sensors across the globe, all dedicated to protecting our customers from the latest cyber threats. Vincent's team ...