Businesses are reporting that when they try to download popular business related apps they are instead being tricked into downloading and installing malware onto their devices. This is a result of malware apps posing as popular business apps and are most frequently encountered when device users are attempting to download an official app outside of the official app store marketplace.
Once installed some malware can be capable of collecting and leaking the victim’s phone number, mobile device unique identifier (IMEI), and location. As a way to make money, it may even send messages to premium SMS numbers. Other similar malware threats are more concerned with advertising and will push adverts to the notification bar and some will steal a copy of the contacts data from the user.
Some of the apps that are being mimicked have been reported to be Dropbox, Business Calendar, FedEx Mobile, Google Keep, Remote VNC Pro, Sky Drive, PocketCloud and Skype. Unfortunately, this is far from an exhaustive list. In reality these apps go by the name of unsafeControl, PJApps, and Andro Rat.
As the malware-infected app is most likely to originate from a third party marketplace then a good practice is to download from official app stores. This, unfortunately, does not alway guarantee success in security defense as some malware-infested apps can still slip through so even an employee that thinks they are behaving sensible may still become a victim.
Mobile device management [MDM] is also a solution and will allow business to blacklist or whitelist certain kinds of apps but again it is not a perfect fix as some apps still manage to bypass this by exploiting how MDM solutions operate.