By Charles Leaver

Bing search results for Snapchat create wide-reaching endpoint security threat

Mobile devices are no longer novelties in the enterprise. Their increasing centrality to sharing and accessing files means that they are approaching parity with PCs, both in terms of impact on productivity and security vulnerability.

Accordingly, it may make sense to formulate a new approach to endpoint management. This tactic would treats all devices as similar data leakage risks and protects the network from cross-platform threats such as the malware redirection recently observed on Microsoft’s Bing search engine.

Bing may be serving up malicious links for search queries about Snapchat
Despite ostensible productivity benefits, mobile devices have also served as a Trojan Horse filled with risky consumer applications. On a technical level, these pieces of software may leak data without the user ever knowing, as Computerworld’s Antone Gonsalves observed. Some security vendors have asked Google to support special sandboxes in Android 4.4 KitKat in order to screen apps for this malicious behavior.

The source of most mobile malware, especially on Android, is third-party app stores that do not adequately vet submissions. A possible issue with Bing reveals the unique risks that these questionable storefronts pose to consumers. Writing for TheNextWeb, Emil Protalinski chronicled the recent discovery of malicious assets named “Snapchat.exe” that pop up in links from Bing search results. The files are named after Snapchat, a popular mobile photo and video-sharing app.

When clicked, the imposter file downloads adware and malware that is unrelated to Snapchat. Since the search results are accessible from any browser or Bing app, a wide range of endpoints could be at risk from these intrusive programs. Endpoint data protection software will be key to shielding IT assets from similar threats that accompany mobility initiatives.

“Legitimate programs being bundled with adware is a common enough tactic, but this is an Optimum Installer bundle where a website serves as clickbait for a deliberately misrepresented app – you most definitely do not get what you’re promised in return for installing numerous pieces of ad-serving software,” explained a ThreatTrack blog post on the discovery.

Taking a different approach to mobile security
The Bing vulnerability illustrates the growing prominence of mobile applications such as Snapchat and the unique ways in which cybercriminals are taking advantage of it. However, despite the surface differences between smartphones, tablets and PCs, they can all introduce risk into the network, and as such it may make sense to approach mobile assets as if they were traditional computers.

InformationWeek contributing editor Michael Davis observed that many of the pillars of mobile security are actually variations on time-honed PC-centric endpoint security practices. Requiring passwords and strong authentication, labeling devices and instituting protections against unauthorized third-party downloads are techniques that are not unique to the mobile space.

It’s possible that widespread concern about mobile malware does not indicate the seriousness of those specific threats so much as it underscores weaknesses in IT network security as a whole. Securing company assets will require multi-layered solutions that keep tabs on threats as they emerge, whether on a desktop or a smartphone, and enable administrators to take action before matters get out of hand.

Get the Blog Here