External Threat Management

Unmasking Masque Attack: Which Mobile Threats Should Really Worry CISOs

There has been a lot of press on Masque Attack and WireLurker over the past week. They're both interesting cases that serve as cautionary tales of possible future threats, but thus far neither have proven to represent a clear and present danger to mobile app users today. The main threat facing brands today is that mobile applications are collecting data with black market value, which makes them targets for cyber thieves. However, brands and companies can take advantage of mobile app store monitoring software solutions to address this mobile application threat.

Debunking the Firestorm

Masque Attack was an attack created by researchers in a lab, and WireLurker has yet to demonstrate that it's capable of dropping data-stealing malware. Even the experts who analyzed WireLurker don't consider it to be dangerous at this time.

Greg Olson, Research Director for Palo Alto Networks (the firm that discovered WireLurker), stated, "I don't think [WireLurker] is going to be a huge widespread problem." This assumption was made due to the fact that Apple maintains a high level of control over the iOS app store.

Additionally, this type of threat is not as new as recent reports may suggest. The technique called sideloading used in Masque Attack and WireLurker has been observed in the past. In 2013 it was discovered that Chinese pirate site 7659 was exploiting Apple's bulk enterprise licensing tools to distribute free versions of paid App Store applications for iPhone and iPad.

While these new discoveries don't represent a clear and present danger today, they may lead to bigger problems in the future, especially if companies do not use mobile monitoring or mobile app store monitoring software solutions.

The Real Threat Now

Mobile assets belonging to corporate brands are prime targets for cyber thieves looking to extract valuable data. The key takeaway from WireLurker and Masque Attack is that no mobile platform is impervious to cyber threats. Because customers are taking a risk by sharing sensitive data with mobile applications, brands need to secure their official applications and to detect and remove illegitimate ones in all platforms, especially from unofficial Android and iOS app stores. Ensuring that your company has evaluated mobile app store monitoring solutions and consistently follows mobile security best practices are part and parcel with providing a good user experience and operating a customer focused business.

Mobile programs will fail if effective security measures aren't put in place to address risks like rogue mobile applications wrapped in enterprise brands and/or imitating proprietary functionality that have been refurbished with data-stealing capabilities. Apps released by partners, rogue business units or vendors under the brand name are vulnerable to intrusive permissions and mobile-specific malware like Svpeng.

RiskIQ monitors over 8 million mobile applications in more than 90 mobile app stores around the globe in order to detect malicious, fake or rogue apps imitating our clients' brands. We help our clients build effective mobile app store monitoring and security management programs from live data sources. With RiskIQ, enterprises can establish proactive mobile security practices that include app store monitoring to protecting their users from cyber thieves.

Back to RiskIQ Blog

Subscribe to Our Newsletter

Subscribe to the RiskIQ newsletter to stay up-to-date on our latest content, headlines, research, events, and more.

Base Editor