A failure to patch critical secure sockets layer (SSL) vulnerabilities has contributed to 18 out of the top 25 vulnerable mobile apps remaining vulnerable four months later, according to Intel Security's McAfee Labs Threats Report: February 2015.
The report describes how unsecured web sessions leave millions open to man-in-the-middle attacks, and also details the increasingly used Angler exploit kit, as well as warning of increasingly aggressive potentially unwanted programs (PUPs) that change system settings and gather personal information without the knowledge of users.
In January this year, McAfee Labs tested the 25 most popular apps on CERT's September 2014 list of vulnerable mobile apps that send login credentials through insecure connections and found that 18 still have still not been patched despite public disclosure, vendor notification, and, in some cases, multiple version updates addressing concerns other than security.
McAfee Labs researchers simulated man-in-the-middle (MITM) attacks that successfully intercepted information shared during supposedly secure SSL sessions. The vulnerable data included usernames and passwords and in some instances, login credentials from social networks and other third party services.
Raj Samani, EMEA CTO for Intel Security noted the widespread use of mobile apps in business, adding: “It is therefore important that mobile apps have the level of protection required for consumers and businesses to use them safely and so mobile app developers must take responsibility for ensuring that their applications follow secure programming and vulnerability responses.”
Another Q4 development saw cyber-criminals migrate to the Angler kit in the second half of 2014, when it surpassed Blackhole in popularity among exploit kits. It uses a variety of evasion techniques to remain undetected by virtual machines, sandboxes, and security software, and frequently changes patterns and payloads to hide its presence from some security products, and can deliver a wide range of payloads including banking Trojans, rootkits, ransomware, CryptoLocker, and backdoor Trojans.
Mobile malware samples grew 14 percent during the fourth quarter of 2014, with Asia and Africa registering the highest infection rates. At least 8 percent of all McAfee-monitored mobile systems reported an infection in Q4 2014, particularly the AirPush ad network.
In Q4, the number of new ransomware samples grew 155 percent after declining over the previous year. In total McAfee Labs now detects 387 new samples of malware every minute, or more than six every second.