05 December 2023

Netskope Threat Labs has released a report warning the retail sector to be vigilant that, unlike other industries where Microsoft OneDrive is both the most popular app used and the most popular app for malware downloads, Google apps are the main conduit for malware in retail.

While OneDrive is the most popular app used in retail, Google Drive and Google Gmail took the top two spots for malware delivery in the sector. Trojans are the primary attack mechanism, tricking retail users into downloading other malware payloads. Many of the malware families aim to steal banking information, credentials, personal information, and credit card information.

The popularity of WhatsApp is also well above the other sectors - on average, WhatsApp use in retail is three times more popular in retail than other verticals, ranking only behind OneDrive in terms of both uploads and downloads. This poses a serious risk not only because WhatsApp is a common delivery channel for malicious content such as malware or phishing pages, but also because these numbers suggest that the retail sector is using a personal instant messaging app as an enterprise collaboration tool, increasing the risk of data theft or data exposure - a WhatsApp message can be easily forwarded for example.

While the frequency of cloud malware delivery in retail generally follows the pattern of other industries over the past 12 months, peak times - such as April, May and June this year - showed a comparatively high number of malware being delivered via cloud apps in retail. In April, for example, 70% of the malware delivered to retail were via cloud apps - 10% more than other industries.

The report finds that Google Drive, Google Gmail, and WhatsApp are among the top five most popular apps for downloads in retail - and all three are significantly more popular than they are in other industries.