Why is phishing so efficient on mobile?

Posted by Roxane Suau on October 15, 2020

Phishing is a hacking technique that makes a user believe that he is interacting with the interface of a trusted third party (his bank, an administration, a well-known company...) in order to exfiltrate personal information such as his password, credit card numbers, social security number, etc.

A phishing campaign is characterized, from the hacker's perspective, by the simplicity of its execution associated with the possibility to lead a large-scale attack. Although it originated in the 1990s, this type of attack is still very common today.

 

Read More

In-App Protection | Prevent fraud by thwarting clones and fake apps

Posted by Roxane Suau on September 21, 2020

Despite being built with various shielding techniques, mobile apps are easily cloned or mimicked. As a result, fraud figures have kept growing since the advent of mobile banking and payments, and counterfeit apps infiltrating stores generates serious reputation and trust issues.

 

Read More

Security alert | 6 new apps with Joker malware on Google Play

Posted by Roxane Suau on August 31, 2020

Update September 2nd: The infected applications have now been deleted from Google Play, but are still installed on the devices of their users.


Joker is a malicious bot (categorized as Fleeceware) which main activity is to simulate clicks and intercept SMS to subscribe to unwanted paid premium services unbeknownst to users. By using as little code as possible and thoroughly hiding it, Joker generates a very discreet footprint that can be tricky to detect.

In the last year, the malware was found hiding in hundreds of apps. Today, Pradeo once again identified infected applications on Google Play (listed below), showing the store's struggle to prevent malicious activities on its platform. Altogether, the 6 apps account for nearly 200.000 installs. Users are advised to immediately delete them from their device to avoid fraudulent activities.

Read More

How to vet mobile apps before issuing them to collaborators

Posted by Roxane Suau on June 30, 2020

Cybersecurity experts are unanimous, mobile apps are hackers’ preferred vector to exfiltrate valuable data from mobile devices. Yet, the flexibility they offer makes them irreplaceable for both work and personal usages. Today, companies cannot afford to forbid public apps usages to their collaborators, even in the most sensitive industries. However, it doesn’t mean they should turn a blind eye to app-related risks.

 

Read More

Application threat analysis/App vetting: how to separate key decision-making insights from pointless information

Posted by Roxane Suau on June 26, 2020

Needless to emphasize that applications stand at the very heart of mobile usages. Except for very specific business cases, mobile workers require flexibility in their apps usage and have to be free to download, on top of the provided set of corporate applications, any other application they might need. In addition, the democratization of BYOD configurations makes no question of the aforementioned.

 

Read More