Phishing and malware attacks have evolved to target the mobile device and Mobile Apps are a main vector in the delivery of phishing based apps and the delivery of malicious payloads.
Mobile Apps are available from an ever growing source and points of presence outside of the control of the business, from unofficial / third party App stores, Social Media, P2P networks, download sites and rogue App stores.
Mobile Apps provide an emerging threat for cybercrime and brand abuse through Rogue, Unofficial, Unauthorised or Malicious Apps. Phishing is shifting to target the mobile user through spoofed mobile sites and Apps. Mobile malware is a growing area leading to fraud and abuse. Rogue Mobile Apps are a main vector in the delivery of malicious payloads. The Mobile Channel strategy needs to provide controls to manage and secure the Mobile App deployment.
Mobile Apps can be readily copied from known sources to a point of presence unknown to the business, which although may present favourable uptake metrics, provides an opportunity for abuse and malice to go unchecked. Mobile Apps can be:
Mobile App threats are;
unofficial Apps may or may not be sanctioned by the business
impersonating a brand, used to entice users to download and install the App on their mobile device
phishing based Apps send log in credentials directly to the criminals
malicious Apps can be embedded with malware to allow to hijack the browser session, to take control of the mobile device or to facilitate man in the middle attacks
an unauthorised mobile app taking advantage of a well known brand, can create a negative experience for the end user, and will impact on the brands reputation.
copied or altered in a benign or malicious way
alternative, unofficial Apps created to abuse the organisation’s branding, trademarks and content
repackaged and distributed outside the authorisation and visibility of the business
sold and traded providing means for third parties to profiteer
hijacked to deliver malicious payloads such as financial malware or phishing content
The business needs to provide intelligence and controls to manage and secure the Mobile App deployment and protect their user base against downloading unauthorised or malicious Apps.