Cybercriminals manipulate two or more apps to orchestrate attacks on smartphone owners, according to a new McAfee Labs Threats Report.
The report has observed such behavior across more than 5,056 versions of 21 apps that provide user services such as mobile video streaming.
Older versions could be commandeered for malicious activity because users cannot regularly implement essential software updates to these 21 mobile apps.
Colluding mobile apps carry out harmful activity together by leveraging interapp communication capabilities common to mobile operating systems.
"Improved detection drives greater efforts at deception," said Vincent Weafer, vice president of Intel Security's McAfee Labs group. "Our goal is to make it increasingly harder for malicious apps to gain a foothold on our personal devices, developing smarter tools and techniques to detect colluding mobile apps."
Types of threats
McAfee Labs has identified three types of threats that can result from mobile app collusion: information theft, financial theft and service misuse threat.
Mobile app collusion requires at least one app with permission to access the restricted information or service, one app without that permission but with access outside the device.
These apps should have the capability to communicate with each other and could be collaborating on purpose or unintentionally.
Such apps use a shared space to exchange information about granted privileges and to determine which one can serve as an entry point for remote commands.
"While the industry continues to improve on its threat detection and mitigation capabilities, cybercriminals are responding by coming up with new tricks," said David Allott, director of Cyber Defence, Intel Security Group - Asia Pacific. "With more than 1 billion smart phone users in Asia Pacific, mobile app collusion has become a very real threat."
Sign up for CIO Asia eNewsletters.