We are excited to announce that Rogue Apps is now generally available in Huntress Managed ITDR. Rogue Apps is Managed ITDR's latest capability to detect and remediate malicious enterprise applications in your Microsoft tenants. Rogue Apps detects two forms of malicious applications:
Traitorware - legitimate applications found by Huntress to be frequently abused by attackers. To date, our list of Traitorware applications included eM Client, PerfectData Software, Newsletter Software Supermailer, Rclone, and CloudSponge. We will continue to expand this list as we discover more use cases.
Stealthware - unknown applications which are rare and have powerful permissions. These globally unique single or multi-tenanted malicious applications provide threat actors a backdoor into an identity or tenant environment.
This new capability detects and disables Traitorware and Stealthware applications in your tenant(s), and disables identities with permissions delegated to these applications. You can access the Rogue Apps dashboard under the ITDR icon in the left navigation panel in the Huntress portal. Here, you can view all installed applications across all of your tenants.