I've been hearing more and more about malware posing as legitimate security programs on mobile devices. Are there...
any ways to detect these malicious programs, either through the network or on the devices themselves? How can I help employees detect such programs in a BYOD environment?
Fake antimalware programs have been successfully posing as real apps in attacks against Windows PCs for years. Now attackers are starting to employ the same social-engineering techniques in malware attacks against mobile devices; successful attack techniques are incorporated into attack toolkits just as new features are added to traditional software.
Enterprises can help employees in a bring your own device environment to prevent and detect malicious apps primarily though security awareness. First, be sure to tell employees to only use approved app stores that require signed applications. Employees should also check the reputation of the app in the app store and review its positive or negative reviews.
Standard enterprise security tools can also be used. For example, VPN systems can run a host security scan to detect malware or insecure configurations, and network monitoring tools could notify employees if their device is detected as infected. Employers should also put in their mobile security policy that end users must install a mobile security application or use an enterprise mobile device management system; these could detect and remove malware.
To mitigate the risk of SandroRAT, enterprises could strip Android application files from email as there are few legitimate reasons to install Android applications from emails. Additionally, instructing users to only install apps from trusted app stores will help prevent malicioius applications from getting installed by clicking a link in an email or SMS message to download what may or may not be a "real" app.
Ask the Expert!
SearchSecurity expert Nick Lewis is ready to answer your enterprise threat questions -- submit them now! (All questions are anonymous.)
Dig Deeper on Mobile security threats and prevention
Related Q&A from Nick Lewis
A new remote access Trojan called UBoatRAT was found spreading via Google services and GitHub. Learn how spotting command-and-control systems can ... Continue Reading
CyberArk researchers created an attack called Golden SAML that uses Mimikatz techniques and applied it to a federated environment. Learn more about ... Continue Reading
The use of botnets to spread Scarab ransomware intensifies the threat for enterprises. Discover the best way to respond to such a threat and protect ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.