Mobile applications afford a seamless user experience, however, Unofficial, Unauthorised, Rogue, Malicious Mobile Apps provide an emerging threat for cybercrime and brand abuse.
Phishing and malware attacks have evolved to target the mobile device and Mobile Apps are a main vector in the delivery of phishing based apps and the delivery of malicious payloads.
Mobile Apps are available from an ever growing source and points of presence outside of the control of the business, from unofficial / third party App stores, Social Media, P2P networks, download sites and rogue App stores.
Mobile Apps provide an emerging threat for cybercrime and brand abuse through Rogue, Unofficial, Unauthorised or Malicious Apps. Phishing is shifting to target the mobile user through spoofed mobile sites and Apps. Mobile malware is a growing area leading to fraud and abuse. Rogue Mobile Apps are a main vector in the delivery of malicious payloads. The Mobile Channel strategy needs to provide controls to manage and secure the Mobile App deployment.
Mobile Apps can be readily copied from known sources to a point of presence unknown to the business, which although may present favourable uptake metrics, provides an opportunity for abuse and malice to go unchecked. Mobile Apps can be:
Mobile App threats are;
unofficial Apps may or may not be sanctioned by the business
impersonating a brand, used to entice users to download and install the App on their mobile device
phishing based Apps send log in credentials directly to the criminals
malicious Apps can be embedded with malware to allow to hijack the browser session, to take control of the mobile device or to facilitate man in the middle attacks
an unauthorised mobile app taking advantage of a well known brand, can create a negative experience for the end user, and will impact on the brands reputation.
copied or altered in a benign or malicious way
alternative, unofficial Apps created to abuse the organisation’s branding, trademarks and content
repackaged and distributed outside the authorisation and visibility of the business
sold and traded providing means for third parties to profiteer
hijacked to deliver malicious payloads such as financial malware or phishing content
The business needs to provide intelligence and controls to manage and secure the Mobile App deployment and protect their user base against downloading unauthorised or malicious Apps.
[…] It’s all thanks to the good ol’ GPS (Global Positioning System). As long as you have your smartphone with you, combined with your mobile data, you’ll never get lost. No need to memorize routes and […]
[…] mobile malware is still fairly uncommon, with the total rate of infections standing at 8 percent. Mobile malware is outnumbered by PC attacks 40-1, as mobiles operate on far more customized systems, and malware […]
[…] mobile platforms and phones. Just November last year, Google acknowledged that it is able to track mobile phones even without a SIM card by checking the addresses of local cellular towers masts. Google later on […]
[…] any navigation system that is GPS-enabled. Think about it for a second – almost everyone with a smartphone, couriers, people with cars, taxi services and ride-sharing services – everyone that rely heavily […]
[…] Torrents, P2P and alternative networks – Modern cybercrime is emerging to the deeper grey parts of the internet. Monitoring of P2P provides further insight to this deeper threatscape. It is becoming more common for malware to leverage alternative networks as well as for the distribution of Mobile Apps. […]
[…] the deployment of mobile apps the bank has the opportunity to integrate or bake such security into the app – so instead of […]
[…] Android Malware has been known to exist on some models of Android phones during the manufacturing stage. Even if you have been careful about what you install and what you […]
[…] Recently thanks to a mobile app developer named Felix Krause who exposed that a certain app downloaded can phish for information […]
[…] worsening issue is that huge numbers of the applications that endure this process are self-signed. Mobile applications should demonstrate their legitimacy by utilizing digital certificates, yet numerous developers just […]
[…] is well-known that Android based phones such as Xiaomi is a target of malicious mobile apps or phishing applications, therefore Xiaomi took in some steps to help secure its consumers safety, […]