What are repackaged applications and how can my enterprise defend against them?
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Repackaged applications are fraudulent versions of legitimate applications.
To create a repackaged app, a malicious developer could download a legitimate application from a legitimate app store, extract its legitimate files, make malicious changes and then repackage it. The malicious developer could also change the Active Directory library or insert ads into the app so he can get revenue from it.
Repackaged apps also often include the malicious files rather than redirecting users to it. In addition, the repackaging may include signing the file with a fraudulent code signing certificate so when the app is installed it would not generate a warning that the app wasn't signed. One the changes are made, the malicious developer publishes the repackaged app in an app store, and then simply waits for users to download it.
Mobile Security Engineer Peter Yan wrote in a Trend Micro Inc. blog post that the fraudulent applications they identified were not available from the Google Play store; Google has vetting mechanisms to check if files being published or their user interfaces are similar to existing apps. While the Play store has the controls in place to detect and reject repackaged apps, other app stores with less rigorous vetting -- or with the specific intent to distributed modified versions of legitimate apps -- might not reject them.
To combat the risks of repackaged apps, enterprises should update their security awareness campaigns and advise employees to only use approved app stores or use a mobile security tool to block repackaged apps. Requiring app download approval or outright blocking unapproved app stores will also help prevent these types of attacks.
Ask the Expert:
Want to ask Nick Lewis a question about enterprise threats? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on BYOD and mobile device security best practices
Related Q&A from Nick Lewis
When NSA cyberweapons went public, attackers bundled them into the EternalRocks malware. Nick Lewis takes a closer look at this new threat and ...continue reading
A Google Docs phishing attack used OAuth tokens to affect more than a million Gmail users. Nick Lewis explains how it happened, and how to defend ...continue reading
A vulnerability in Microsoft's Windows Defender antivirus tool left users open to remote code exploitation. Expert Nick Lewis explains how it ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.