RSA, the security division of EMC (EMC), introduced today a managed service that monitors app stores (such as the Apple App Store and Google Play) and detects and shuts down "rogue apps." RSA defines a rogue app as "any mobile app available through any app store posing as a legitimate app and utilizing well-known brands globally to target the end users of those brands to distribute malware, to execute phishing attacks or even just for financial gain," according to Berk Veral, senior product marketing manager for RSA's Identity Protection and Verification Group, who spoke in an RSA podcast that aired this morning.
The market for the service is large, global companies that use app stores to deliver mobile applications to their employees and customers, Veral says. "Because they're very big, they're susceptible to these types of attacks in the app stores." Global financial services, retail and gaming companies are the biggest targets for fraudsters, Veral says.
According to a security survey conducted by Goode Intelligence, 71 percent of organizations allow their employees to use their own mobile devices for company business. It's difficult for employees to tell the difference between real and fake apps — 86 percent of all Android malware is actually repackaged versions of legitimate apps, but with malicious payloads, according to the Android Malware Genome Project, Department of Computer Science at the North Carolina State University.
