More than 5,000 installation packages representing 21 mobile apps contain “colluding code” that can be used to carry out a variety of malicious activities, a report from McAfee Labs found.

Mobile app collusion is defined as two or more apps working together to steal personal information from a smartphone, read files, send fake text messages on a user’s behalf, load viruses onto a device, or conduct financial transactions using online payment accounts.

McAfee Labs, the threat research division of Intel Security, observed such behaviour across around 5,056 versions of 21 apps providing services including video streaming, health monitoring and travel planning.

Since users want apps to be able to work together, mobile operating systems are designed to help apps communicate with each other.

Cyber criminals exploit this by creating a seemingly legitimate app which provides a useful service and doesn’t appear to pose a security threat.

But working in concert, the apps can exchange information – for example with an app which has sensitive permissions partnered with another which provides internet access.

“Because many mobile apps haven’t been updated, criminals can exploit their out-of-date designs and security flaws, commandeer the capabilities of benign apps, and use them to attack the smartphone’s owner,” explained Bruce Snell, cybersecurity and privacy director at Intel Security.

According to Snell, users can protect themselves by updating their smartphone’s software regularly and deleting old apps they don’t use.

“Each app you forget about and never use will likely be an app you don’t regularly update. If you don’t use them, lose them,” he wrote in a blog post.

What’s more, he said it is important to only download apps from trustworthy sources and always use mobile security protection.

The McAfee Labs report also makes suggestions: avoid apps with embedded advertising and don’t jailbreak devices.

The report also found that new mobile malware samples grew 17 per cent quarter over quarter in Q1 2016.