Mobile threats spoofing organisations' apps

Employees use apps every day to complete their work, and usually everything runs smoothly. When malicious actors start impersonating those apps, however, disaster can strike within the IT department.

Research suggests that there are five families of malware that often impersonate enterprise apps by copying the legitimate app's name and package name.
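The impersonation described above copies what an attacker can copy, the display name and the package name, but not the developer's signing key, so an inventory check that compares each installed app's signing-certificate fingerprint against an allowlist catches a spoofed package even when name and package name match exactly. The Python below is an added example, not code from the original article; it assumes an MDM-style inventory of installed apps (label, package name, signing certificate) and an allowlist keyed by package name. The certificate bytes, the resulting fingerprints and the `com.example.*` package names are constructed for the example; `com.skype.raider` and `com.google.android.apps.authenticator2` are the published package names of the two apps.

```python
"""Flag installed apps that reuse a known enterprise package name or label
but are not signed by the expected key.  Added example, not the article's code."""
import hashlib
from dataclasses import dataclass


def cert_fingerprint(cert_der: bytes) -> str:
    """SHA-256 hex digest of a DER-encoded signing certificate (the value
    `apksigner verify --print-certs` reports as the certificate SHA-256 digest)."""
    return hashlib.sha256(cert_der).hexdigest()


# Constructed stand-ins for DER-encoded signing certificates (not real certificates).
GENUINE_SKYPE_CERT = b"constructed: genuine Skype signing certificate"
GENUINE_AUTH_CERT = b"constructed: genuine Google Authenticator signing certificate"
ROGUE_CERT = b"constructed: attacker's self-signed certificate"

# Allowlist an MDM/EMM would maintain: package name -> (expected label, expected fingerprint).
ALLOWLIST = {
    "com.skype.raider": ("Skype", cert_fingerprint(GENUINE_SKYPE_CERT)),
    "com.google.android.apps.authenticator2": (
        "Google Authenticator", cert_fingerprint(GENUINE_AUTH_CERT)),
}


@dataclass(frozen=True)
class InstalledApp:
    label: str       # display name the user sees
    package: str     # Android package name
    cert_der: bytes  # signing certificate as read from the APK


def classify(app: InstalledApp, allowlist=ALLOWLIST) -> str:
    """Return one of: trusted, spoofed-package, lookalike-label, unknown.

    - trusted:          package is on the allowlist and the signing key matches
    - spoofed-package:  package name copied from a known app, but signed by another key
    - lookalike-label:  display name copied from a known app under a different package
    - unknown:          not an enterprise app we track (out of scope for this check)
    """
    fingerprint = cert_fingerprint(app.cert_der)
    if app.package in allowlist:
        _, expected_fp = allowlist[app.package]
        return "trusted" if fingerprint == expected_fp else "spoofed-package"
    known_labels = {label.casefold() for label, _ in allowlist.values()}
    if app.label.casefold() in known_labels:
        return "lookalike-label"
    return "unknown"


def audit(inventory):
    """Classify every app in an inventory; returns (package, label, verdict) tuples."""
    return [(app.package, app.label, classify(app)) for app in inventory]


def flagged(inventory):
    """Only the entries a security team should look at."""
    return [entry for entry in audit(inventory)
            if entry[2] in ("spoofed-package", "lookalike-label")]


# Constructed sample inventory, as an MDM agent might report it from one or more devices.
SAMPLE_INVENTORY = [
    InstalledApp("Skype", "com.skype.raider", GENUINE_SKYPE_CERT),
    InstalledApp("Skype", "com.skype.raider", ROGUE_CERT),            # name + package copied, key not
    InstalledApp("Google Authenticator", "com.example.authy2", ROGUE_CERT),  # label copied only
    InstalledApp("Notes", "com.example.notes", ROGUE_CERT),           # unrelated app
]

if __name__ == "__main__":
    for package, label, verdict in audit(SAMPLE_INVENTORY):
        print(f"{verdict:16} {label:22} {package}")
```

The allowlist fingerprints must come from a copy of the genuine APK you obtained yourself, not from a device already under suspicion; the `lookalike-label` verdict is noisier than `spoofed-package` and is best treated as a triage queue rather than an automatic block.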



This type of malware was originally developed as a remote administration tool. AndroRat allows a third party to control the device and collect information including location, call logs, contacts and audio from the microphone, and it is now used maliciously by other actors. Hidden access software of this kind lets attackers retrieve both corporate and personal data from the device. Continued access to a device also lets the attacker reach the corporate Wi-Fi and any other networks the device is connected to.

Common examples of the apps it tends to spoof include Skype and Business Calendar.


Shuanet automatically roots the device, installs itself on the system and then downloads further applications. Its effect can be malicious or mild, such as an attempt to drive more downloads. Malware such as Shuanet is extremely difficult to remove from the system; even a factory reset of the device does not completely remove the threat. Examples of the apps it tends to impersonate are Google Authenticator and Duo Mobile.


PJApps collects and leaks the victim's phone number, location and the mobile device's unique identifier (IMEI). To make money, this malware sends messages to premium-rate numbers. The technology used within this malware is a huge risk to the enterprise under attack: when the malware accesses location data, valuable company information such as business plans could be revealed, particularly when the devices of senior executives or management are affected. This malware is likely to impersonate apps such as CamScanner.


This malware contains an advertising network which may push ads onto your notification bar and download large files without asking. The most significant risk to an enterprise is the loss of time and money that results from the malware interrupting an employee's work. Examples of targeted apps include the Blackboard Learn mobile app and Adobe Reader.


Unsafe Control can collect information and send it to a third party's server. It can also spam a contact list or send SMS messages to phone numbers specified by its command-and-control (C&C) servers. The main risk to the enterprise is that Unsafe Control steals contact information, which could be extremely sensitive and valuable. Google Keep and Skype are commonly targeted.

What are you doing to protect your enterprise? It is clear that these malware apps have great potential to affect your business, from stealing sensitive data to slowing down computer and employee performance. If you ensure your enterprise has the correct software in place, you greatly reduce your company's risk of being attacked by harmful malware.