How can malicious apps posing as real apps be detected?

Malware masquerading as legitimate applications is a rising problem. Enterprise threats expert Nick Lewis outlines how to detect and mitigate this type of malware.

I've been hearing more and more about malware posing as legitimate security programs on mobile devices. Are there any ways to detect these malicious programs, either through the network or on the devices themselves? How can I help employees detect such programs in a BYOD environment?

Fake antimalware programs have been successfully posing as real apps in attacks against Windows PCs for years. Now attackers are starting to employ the same social-engineering techniques in malware attacks against mobile devices; successful attack techniques are incorporated into attack toolkits just as new features are added to traditional software.

Enterprises can help employees in a bring-your-own-device (BYOD) environment prevent and detect malicious apps primarily through security awareness. First, be sure to tell employees to use only approved app stores that require signed applications. Employees should also check the reputation of the app in the app store and review its positive and negative reviews.

Standard enterprise security tools can also be used. For example, VPN systems can run a host security scan to detect malware or insecure configurations, and network monitoring tools could notify employees if their device is detected as infected. Employers should also put in their mobile security policy that end users must install a mobile security application or use an enterprise mobile device management system; these could detect and remove malware.

One example of a malicious app posing as a real app is the SandroRAT malware. It is distributed both through spam SMS text messages and as an email attachment.

To mitigate the risk of SandroRAT, enterprises could strip Android application files from email, as there are few legitimate reasons to install Android applications from emails. Additionally, instructing users to only install apps from trusted app stores will help prevent malicious applications from getting installed when a user clicks a link in an email or SMS message to download what may or may not be a "real" app.


This was last published in March 2015