Beware of these mobile threats posing as popular business apps

Tuesday 5th of July 2016 in Mobiles by Kerry Owston

Businesses are reporting that when they try to download popular business related apps they are instead being tricked into downloading and installing malware onto their devices. This is a result of malware apps posing as popular business apps and are most frequently encountered when device users are attempting to download an official app outside of the official app store marketplace.

Mobile Security

Once installed some malware can be capable of collecting and leaking the victim’s phone number, mobile device unique identifier (IMEI), and location. As a way to make money, it may even send messages to premium SMS numbers. Other similar malware threats are more concerned with advertising and will push adverts to the notification bar and some will steal a copy of the contacts data from the user.

Some of the apps that are being mimicked have been reported to be Dropbox, Business Calendar, FedEx Mobile, Google Keep, Remote VNC Pro, Sky Drive,  PocketCloud  and Skype. Unfortunately, this is far from an exhaustive list. In reality these apps go by the name of unsafeControl, PJApps, and Andro Rat.

As the malware-infected app is most likely to originate from a third party marketplace then a good practice is to download from official app stores. This, unfortunately, does not alway guarantee success in security defense as some malware-infested apps can still slip through so even an employee that thinks they are behaving sensible may still become a victim.

Mobile device management [MDM] is also a solution and will allow business to blacklist or whitelist certain kinds of apps but again it is not a perfect fix as some apps still manage to bypass this by exploiting how MDM solutions operate.

Using the right tools it is possible to see if an app could pose a threat. Problems with the apps reviews, it’s privacy policy and the development company's reputation are all indicators it might be a good idea to check especially if the app is originating from outside of an official app store.



 


 


© The One Point All rights reserved. Terms and Conditions | Privacy Policy | Calls may be recorded for quality and training.