Scanning the legitimacy of apps, looking for rogue app marketplace downloaders, and scanning for known DarkSideLoader enterprise certificates are the most effective means of limiting the potential impact of rogue apps in enterprise environments.
The top-ten paid apps on the Apple App Store are all available for free on the vShare marketplace, including well-known titles such as Minecraft and Geometry Dash.
These app stores make money by showing advertisements to users.
Figure 8: Downloaded content for vShare marketplace app.
Experience with Android apps shows that users, or their children, may choose to access a rogue app marketplace in order to download games, wallpaper and other media without paying for them.
They can also access apps that give them access to streamed movies and other content, and productivity apps without payment.
Fraudulently obtain a certificate by imitating a real company.
The current owners have been on this domain since October 14, 2015.
In the course of further analysis, Proofpoint's security research team discovered a rogue app store that allows iOS device users to download apps from a catalog claiming 1 million apps onto their iPhones or iPads without jailbreaking the devices.
Offering free downloads of popular, paid apps represents an attractive lure to draw people to a DarkSideLoader marketplace and entice them to click.
The example of Android apps demonstrates the potential of this threat.
On iOS 9, clicking on the app will not bring up the Trust button.
When the attacker has the login credentials of an app developer, they can log into their account and either request a new enterprise app distribution certificate, or download a copy of one that already exists.
Stolen credit cards can be used to pay the issuance fee.
What they do not realize is that these apps could be designed or modified to include malicious code.
These apps could also use known or zero-day security vulnerabilities that could lead to devices being jailbroken or granting administrator privileges to these illegitimate apps.
From there they click on the publisher name and select Trust.
The app has been signed with an Enterprise App distribution certificate, issued by Apple.
The ability to offer app downloads to non-jailbroken devices through enterprise signing certificates substantially expands their marketplace presence.
In iOS 7 and 8, when the user clicks on the app to run it, they are asked if they want to trust the publisher (Fig.
Why would someone use a DarkSideLoader marketplace?
The marketplace domain has been registered for more than seven years, but traded among owners.
What is the danger?
The vShare marketplace claims 1M apps are available.
Proofpoint has found over 15,000 iOS apps available through this DarkSideLoader site, compared to over 400,000 apps available on their Android side loading service.