Threat Category: Mobile Application Store
ID: ECO-21
Threat Description: A popular method of distributing links to malicious applications is direct links to the application files. These links can be distributed over several channels, including QR codes, NFC tags, and SMS messages.
Threat Origin
How to Protect Yourself From Malicious QR Codes 1
Exploit Examples
Find and Call app becomes first trojan to appear on iOS App Store 2
An investigation of Chrysaor Malware on Android [^AndroidWebBlog-1]
CVE Examples
Not Applicable
Possible Countermeasures
To prevent the installation of malicious applications, prohibit sideloading of apps and the use of unauthorized app stores
To decrease the time to detection, use app threat intelligence data to identify malicious applications installed on devices.
Use features such as Apple iOS Managed Apps, Android for Work, or Samsung KNOX Workspace that provide additional separation between personal apps and enterprise apps to mitigate the impact of malicious behaviors.
Educate users about the risks of activating links in emails or SMS messages, and instead encourage users to identify the app where hosted by an official app store.
References
A. O’Donnell, “How to Protect Yourself From Malicious QR Codes”, blog, http://netsecurity.about.com/od/securityadvisorie1/a/How-To-Protect-Yourself-From-Malicious-QR-Codes.htm [accessed 8/25/16] ↩
J. Cheng, “‘Find and Call’ app becomes first trojan to appear on iOS App Store,” Ars Technica, 5 July 2012; http://arstechnica.com/apple/2012/07/find-and-call-app-becomes-first-trojan-to-appear-on-ios-app-store/ ↩