Susan loved editing photos on her Android phone.
She’d heard rave reviews from her friends with iPhones about Prisma, a new iOS app for image editing. So when she heard Prisma would soon be released for Android, she logged in to the Google Play Store to see if it was there yet.
To her surprise, she found one that looked just like what her friends were describing. Delighted, she downloaded and started using it. Meanwhile, the app—a fake—was busy installing a Trojan horse on her phone.
When she got to work the next day, she logged her phone into the company network as usual. The malware jumped from her phone to the network. Yet no one knew. Not yet, but that was about to change…
Now, this isn’t necessarily a true story (at least, not one we’ve heard of—yet…), but it absolutely could have been. And similar situations are unfolding as you read this. Yes, possibly even at your company…
Fake apps exploded onto iTunes and Google Play last November, just in time for holiday shopping. Apple “cleaned up” iTunes in an effort to quell users’ concerns, but hackers still find workarounds. Unfortunately, these fake apps pose a real threat to the security of your network. Especially if your company has anything but the strictest BYOD (bring your own device) policies in place. And the more your network’s users socialize and shop on their smartphones, the greater the risk of a damaging breach on your network.
Fake apps look just like real apps. They masquerade as apps from legitimate merchants of all stripes, from retail chains like Dollar Tree and Foot Locker, to luxury purveyors such as Jimmy Choo and Christian Dior. Some of the more malicious apps give criminals access to confidential information on the victim’s device. Worse yet, they may install a Trojan horse on that device that can infect your company’s network the next time the user logs in.
So what can you do?