Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
01:46 PM
Vincent Weafer
Vincent Weafer
Partner Perspectives

Mobile App Collusion, The State Of Hashing, And A Troublesome Trojan Returns

Highlights from the June 2016 McAfee Labs Threats Report.

Mobile malware continues its relentless growth, with infection rates steadily climbing over the past 12 months, approaching 10% of all reporting devices according to the June 2016 McAfee Labs Threats Report. Total Mac OS malware almost doubled during Q1 2016, but the total of almost 100,000 Mac OS malware samples is just a tiny fraction of the nearly 10 million total mobile malware or 575 million total malware samples. Ransomware continues to grow fast as inexperienced attackers increasingly use off-the-shelf exploit kits to easily deploy ransomware.

Mobile Collusion

In the mobile area, researchers from McAfee Labs uncovered mobile apps in the wild working together to exfiltrate mobile data. These colluding apps use interprocess messaging techniques that enable a high-privilege app to pass sensitive information to another app, which then sends the data to its control server in the cloud. Neither of the apps appears malicious when its code is examined individually by the app market or other security defenses. It is only when they are examined together that their malicious intent is revealed. Specific threat types identified include information theft, financial theft, and service misuse.

Hashing Vs. Processor Performance

Increasing processor performance has enabled an incredible range of new applications and devices. Unfortunately, it also reduces the time and cost to impact hashing functions, which are integral to maintaining trust on the internet. When receiving a message or file, a “hash,” or summary of the contents, is verified to confirm that the message is authentic, has not been altered, and is from the sender. To make this work, hashes have to be expensive and time-consuming to duplicate from different messages or files. Processor performance has increased to a point where some older hashing functions are easily cracked. MD5, a hashing algorithm popular in the 1990s, had its viability questioned in 2006. Today, a duplicate hash value can be generated in less than one second. Researchers are now questioning the ongoing viability of the SHA-1 hashing function. It still takes months to duplicate a SHA-1 hash, but since it can take years to adopt a new hashing algorithm, it is time to begin the process now to replace digital certificates based on SHA-1.

Pinkslipbot Trojan Returns

First appearing in the wild in 2007, the Trojan Pinkslipbot went dormant for a couple of years but returned to its previous peak sample rate in Q1. This malware steals personal and financial data and can also take control of an infected system. Once inside, it can determine the location, organization, and individual account of the system, all valuable information. It also aggressively moves laterally through an organization, infecting additional systems. The group behind Pinkslipbot actively enhances the code to improve its effectiveness. It can now disable web reputation products, will shut down if a virtual machine or a debugger is detected, and can change folder permissions to defend itself against antimalware tools.

For more information on these topics, you can download the full McAfee report here.

Vincent Weafer is Senior Vice President of Intel Security, managing more than 350 researchers across 30 countries. He's also responsible for managing millions of sensors across the globe, all dedicated to protecting our customers from the latest cyber threats. Vincent's team ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-09-16
fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c.
PUBLISHED: 2021-09-16
fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c.
PUBLISHED: 2021-09-16
fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c.
PUBLISHED: 2021-09-16
fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.
PUBLISHED: 2021-09-16
fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c.