Fake ‘Pokemon Go,’ Malicious ‘Minecraft’ Apps Spreading Malware to Enterprise Networks
Apps spreading malware, especially knockoffs of popular games like “Minecraft PE” or “Pokemon Go”, pose significant hazards to business and government networks. In a recent blog post, Trend Micro gives a detailed rundown of DressCode, a fairly new piece of malware that researchers have detected in more than 3,000 apps and 400 online marketplaces.
DressCode is baked into innocent-looking consumer apps, with titles like “Mod GTA 5 for Minecraft PE,” which attackers upload to Google Play or third-party app stores. When users download and play the apps, the embedded malware runs, connecting the infected device to a remote server and executing whatever commands that server sends. These commands can generate ad clicks for revenue, carry out distributed denial-of-service (DDoS) attacks or transfer data from network devices.
With 82 percent of businesses currently supporting bring-your-own-device (BYOD), consumer apps living on employee devices have become a serious concern for business and government networks. In addition to DressCode, other malware variants can extract passwords, images and other sensitive information from a mobile device, putting both the user and the organization at risk.
Shielding the Network
Mobile device management (MDM) and enterprise mobility management (EMM) solutions have grown more sophisticated in helping organizations deal with the inevitability of BYOD. EMM can prevent potentially dangerous actions, like sideloading from personal devices to company endpoints or connecting jailbroken or rooted devices to the network. It can also use remote configuration monitoring to block devices and user accounts that fail to abide by company security policies.
Security researchers discover new vulnerabilities in mobile apps daily, revealing security holes in apps that seemed harmless yesterday. Patching and updating are critical for security, but patching one app or operating system can create incompatibilities that bring vital business functions to a halt. David Geer, writing for CSO, recommends running patches in a sandbox, scheduling them for production on a few pilot servers and then deploying to the full organization. If problems come up in production, you can examine whether the incompatibilities created by patching outweigh the potential risk of leaving the application unpatched.
To shield an organization’s data when apps spreading malware infect an employee’s or vendor’s phone, those with access to sensitive data and high-level clearance should only use devices that support data encryption. Security consultant Lisa Phifer, writing for TechTarget, recommends auto-configuring key employees’ devices to enable full device encryption as well as encryption for removable media, when possible. She also suggests deploying self-encrypting applications to segregate company data from personal data, as well as configuring devices to store as little company information as possible.
Encryption is imperfect. It doesn’t prevent the removal of data, but it does make it at least temporarily indecipherable to the attacker who siphons it off. It also provides some degree of protection from regulatory fines and compliance violations in the event apps spreading malware result in a data breach.
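The EMM controls described above (blocking rooted or jailbroken devices, disabling sideloading, requiring full-device and removable-media encryption for users with sensitive access, and flagging apps installed from outside the approved store) can be expressed as a policy check over a device inventory. The following is an added example, not code from Trend Micro or any EMM product; it assumes a constructed inventory format in which each record carries the device's posture flags and a map of installed packages to their installer package name (`com.android.vending` is Google Play).

```python
"""Policy evaluation over an EMM/MDM device inventory (constructed example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumption: the inventory reports the installer package for each app.
APPROVED_INSTALLERS = {"com.android.vending"}  # Google Play

@dataclass
class Device:
    device_id: str
    rooted: bool                       # jailbroken or rooted
    unknown_sources: bool              # sideloading from unknown sources allowed
    disk_encrypted: bool               # full-device encryption enabled
    removable_media_encrypted: Optional[bool]  # None: no removable media slot
    sensitive_access: bool             # user holds access to sensitive data
    apps: Dict[str, str] = field(default_factory=dict)  # package -> installer

def evaluate(d: Device) -> List[str]:
    """Return the policy violations for one device (empty list = compliant)."""
    v: List[str] = []
    if d.rooted:
        v.append("rooted or jailbroken")
    if d.unknown_sources:
        v.append("sideloading enabled")
    if d.sensitive_access:  # encryption is mandatory for high-clearance users
        if not d.disk_encrypted:
            v.append("full-device encryption off")
        if d.removable_media_encrypted is False:
            v.append("removable media unencrypted")
    for pkg, installer in d.apps.items():
        if installer not in APPROVED_INSTALLERS:
            v.append(f"unapproved app source: {pkg} via {installer}")
    return v

def enforce(devices: List[Device]) -> Dict[str, str]:
    """Map each device to 'allow' or 'block', mirroring an EMM access decision."""
    return {d.device_id: "block" if evaluate(d) else "allow" for d in devices}

# Constructed sample inventory; device IDs and package names are made up.
INVENTORY = [
    Device("dev-001", False, False, True, None, True,
           {"com.example.crm": "com.android.vending"}),
    Device("dev-002", True, True, True, None, False,
           {"com.example.modgta5": "com.thirdparty.store"}),
    Device("dev-003", False, False, False, False, True),
]

if __name__ == "__main__":
    for dev_id, decision in enforce(INVENTORY).items():
        print(dev_id, decision, evaluate(INVENTORY[int(dev_id[-1]) - 1]))
```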
The User’s Responsibility
When Niantic released “Pokemon Go” in the U.S., reports CNN, the app’s popularity exceeded all expectations. Pokemon fans in other countries wanted in on the action, but developers provided no official international release date.
Attackers seized on the opportunity by downloading “Pokemon Go,” deconstructing it, adding malware and uploading the corrupted version to third-party app stores and other venues. Security firm Proofpoint, as reported by Fortune, found one “Pokemon Go” knockoff available for download on a popular file-sharing site, complete with a shiny new remote access tool (RAT) called Droidjack that allows attackers to take control of user phones.
Downloading consumer apps from a third-party store onto a phone that accesses a business or government network is never a good idea. Neither is jailbreaking or rooting devices to get unauthorized apps from third-party sites like Cydia. In addition to educating employees about unauthorized apps, IT should also require them to use a virtual private network (VPN) when accessing company resources remotely. Because man-in-the-middle (MiTM) attacks can intercept the security handshake between an app and the vendor’s server, it’s important to teach employees about the dangers of connecting to unsecured Wi-Fi networks.
Apps Spreading Malware Are on the Rise
Between January and August 2016, Trend Micro’s Mobile App Reputation Service saw a 40-percent spike in mobile app malware detection. Smart EMM controls, supplemented by continual employee education, can protect an organization’s network and the precious data within it.