A common risky behavior found in mobile apps is the reporting of contacts and calendar info to marketing frameworks and ad networks. With this information out in the wild, enterprises are potentially vulnerable to more effectively targeted spearphishing attacks.
Here’s how it works: An attacker must perform reconnaissance to lay the foundation for a successful attack. To do so, the attacker leverages contact and calendar data in order to craft a spearphishing email.
By selecting a recent calendar entry, the attacker can determine other meeting attendees. It is then a trivial step to devise an email which references the meeting, and which includes a malware-laden attachment with a file name that’s related to the meeting subject.
By matching contacts to meeting attendees, the attacker can write text tailored to the contact’s role and title. The email sender is spoofed so the message appears to come from a trusted meeting attendee, and the email body makes it look legitimate.
Once the attachment is opened, the initial stage of the breach has begun.
Appthority’s latest Enterprise Mobile Threat Report goes in depth on spearphishing and other significant mobile app threats. Get it here.