Risky Apps for Business: Top Malware and Phishing Threats
by Serena Raymond on Oct 7, 2025 1:00:00 PM
Not all apps are created equal. Some introduce serious risks for phishing, malware, or data breaches, especially when they’re adopted by employees without IT approval. And while blocking a website at the domain can prevent unauthorized access on your network, many applications have hundreds or thousands of domains—simply blocking the main domain might not be enough to prevent access.
We’ve analyzed data from billions of DNS queries available through our protective DNS tool and conducted research to identify more than 100 high-risk apps that expose businesses to phishing and malware. It’s important to note that the applications themselves are not necessarily malicious; rather, they share certain characteristics that make them (1) easy to exploit, (2) attractive to bad actors, and/or (3) shadow IT.
With that said, here we highlight key categories of applications that create security blind spots and have historically been used as attack vectors, and explain how DNSFilter’s AppAware helps IT managers detect and block them before they cause damage.
Shadow IT and Risky Applications in the Workplace
Shadow IT, where employees use unapproved apps and services, is one of the biggest challenges facing IT and security teams today. Apps that seem harmless on the surface can bypass corporate protections, creating potential for new attack surfaces and data leaks.
These unauthorized applications usually skip security reviews, and attackers take advantage of that gap. They use frequently overlooked tools to launch phishing campaigns, host malware, or trick users into sharing sensitive information. Without visibility and strong application blocking in place, businesses leave themselves open to compromise.
Messaging Apps and Phishing Risks for Businesses
Messaging apps are a staple of both personal and professional communication, but they also create opportunities for attackers. Public platforms make it easy for threat actors to hide in plain sight, build fake identities, and send messages that look trustworthy. From there, it only takes one click for a user to end up on a malicious site or hand over their credentials. These apps have become a playground for scams, phishing, and malware campaigns that slip past traditional security tools.
- Discord has been repeatedly abused as a malware delivery platform. Security researchers have discovered a malware campaign utilizing expired Discord invite links.
- Facebook Messenger is a common phishing vector, with attackers hijacking accounts to spread links that appear trustworthy.
- Slack has been leveraged to distribute malware inside corporate environments, including the Ryuk ransomware campaign.
- Snapchat has been tied to scams and phishing schemes.
- Roblox has been found to be a lucrative app for exploitation and malware delivery, causing concern for businesses and schools alike. Because a robust network of domains supports its chat, in-app purchases, and user interactions, blocking roblox[.]com alone may leave gaps in your network security.
- TikTok has been recognized as a privacy and security concern due to data breaches and past internal privacy violations. Despite the risks, TikTok domains make up 3 of the top 5 most queried social media domains on the DNSFilter network. Of note, for one of those TikTok domains alone, 63.4% of DNS queries are blocked by user policies.
Even platforms marketed as private or encrypted, like Signal, aren’t immune to vulnerabilities. For IT managers, these messaging apps can’t be taken at face value; they require careful monitoring and, in some cases, outright blocking.
File Sharing Apps: Security Risks and Malware Threats
File sharing platforms remain some of the highest-risk apps in enterprise environments. Teams use them to collaborate on projects, share large files, and keep workflows moving. But the same convenience that makes these tools popular also makes them a prime target for attackers. When security controls are weak, file sharing platforms can turn into malware hosts, phishing launchpads, or even command-and-control channels for more advanced attacks.
- Dropbox has been used in typosquatting campaigns and malvertising attacks.
- Box has faced phishing attempts where attackers impersonated trusted users to deliver malicious files.
- uTorrent and The Pirate Bay remain hotbeds for pirated software bundled with trojans and cryptojacking code.
Without proper filtering, these applications become easy entry points for data theft and malware infections.
Remote Desktop Tools: Vulnerabilities and Exploits
Remote desktop software is a critical business tool, and a favorite of cybercriminals. The Remote Desktop Protocol (RDP) itself has been a leading vector for ransomware operators, and third-party apps are no safer.
- TeamViewer has been exploited in real-world breaches, including an attack on a water treatment facility where an account lacking MFA was the entry point.
- RemotePC is widely used but shares the same inherent vulnerabilities as RDP, making it an attractive target for brute-force password attacks.
VPNs and Proxy Apps: Risks to Business Security
While corporate VPNs managed and monitored by the IT team are a standard part of the security stack, personal VPNs and proxy applications inside a business network can create blind spots. When employees use them to route around security controls, IT teams lose visibility. Attackers take advantage of this lack of oversight, exploiting known vulnerabilities in popular VPN services or hiding malicious traffic inside encrypted tunnels. What looks like a harmless privacy tool can quickly become a pathway for ransomware or data theft.
- NordVPN and Hide.me have both been spoofed in phishing campaigns, where users download malware disguised as legitimate installers.
- Hola VPN and other free VPN services have been caught harvesting user data or distributing malware.
These tools blur visibility for IT managers, making it difficult to enforce security policies and increasing the risk of compromise.
Generative AI and ML Apps: New Business Security Risks
A new category of risk has emerged with generative AI and machine learning applications. These tools are appearing in more corporate networks than ever, often without IT approval. As companies try to balance productivity with security, many are turning to application blocking to curb the rise of shadow AI. DNSFilter data shows that in March alone it blocked over 60 million generative AI requests—about 12% of all such queries. This surge highlights how quickly these tools have become both an asset and a risk. While they can drive productivity, they also introduce unique security concerns:
- ChatGPT, Claude, and Perplexity are increasingly used by employees, often without IT oversight. Sensitive business data can be pasted into prompts, raising concerns about data leakage.
- Jasper and Anyword AI generate content but may integrate with third-party plugins or APIs that create additional exposure.
- Beautiful.ai and Suno showcase how AI-powered creative tools can become part of daily workflows, yet many haven’t undergone enterprise-grade security vetting.
The risks here aren’t just theoretical. From prompt injection attacks to unregulated third-party wrappers, these apps represent a fast-moving security frontier. Businesses need visibility into their usage before data is inadvertently exposed.
How to Mitigate High-Risk Apps in Business Environments
The reality is that no IT team can manually track every new app employees install. High-risk apps aren’t just productivity drains; they’re potential attack vectors actively used by cybercriminals to spread malware, steal data, and bypass IT controls. With threats evolving across messaging platforms, file sharing tools, VPNs, and generative AI, businesses need an automated way to identify and control risky applications. AppAware gives IT managers the visibility to uncover and block high-risk apps across these categories by:
- Monitoring DNS queries to uncover risky or unauthorized applications on the network.
- Flagging apps known to be exploited for phishing, malware, or data theft.
- Blocking these applications with a single click—even when they span multiple services.
By understanding which applications carry the highest risk and leveraging AppAware to block them, IT managers can significantly reduce exposure across their networks.
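To make the multi-domain point concrete, here is an added example (not DNSFilter's code and not how AppAware is implemented) that audits a DNS query log against an app-to-domain map and reports which app queries a main-domain-only blocklist would miss. The app name, its domains, the client addresses, and the log format are all constructed placeholders.

```python
# Constructed data: "ExampleChat" and every .example domain below are
# placeholders, not a real application's domain list.
APP_DOMAINS = {
    "ExampleChat": {
        "examplechat.example",       # the "main" domain users know
        "examplechat-cdn.example",   # media and attachments
        "examplechat-api.example",   # chat and purchase APIs
    },
}
MAIN_ONLY_BLOCKLIST = {"examplechat.example"}

# Constructed DNS query log, one "<client-ip> <queried-name>" per line.
SAMPLE_LOG = """\
10.0.0.5 www.examplechat.example.
10.0.0.5 img7.examplechat-cdn.example.
10.0.0.9 gateway.examplechat-api.example.
10.0.0.9 intranet.corp.example.
10.0.0.7 notexamplechat.example.
"""

def normalize(name):
    """Lowercase and drop the trailing root dot of a queried name."""
    return name.strip().rstrip(".").lower()

def matches(name, domains):
    """True if name equals a listed domain or is a subdomain of one."""
    labels = normalize(name).split(".")
    # Compare whole labels so 'notexamplechat.example' does not match.
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def app_for(name):
    """Return the app whose domain set covers this name, or None."""
    return next((a for a, d in APP_DOMAINS.items() if matches(name, d)), None)

def audit(log_text, blocklist):
    """Return (clients seen per app, app queries the blocklist misses)."""
    seen, missed = {}, []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        client, qname = parts
        app = app_for(qname)
        if app is None:
            continue
        seen.setdefault(app, set()).add(client)
        if not matches(qname, blocklist):
            missed.append(normalize(qname))
    return seen, missed
```

Running `audit(SAMPLE_LOG, MAIN_ONLY_BLOCKLIST)` shows two clients using the app and two queries (to the CDN and API domains) that would still resolve; passing the full domain set as the blocklist leaves nothing missed.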
AI-powered DNS protection isn’t just the future—it’s how you stay ahead today. Start your free trial of DNSFilter and AppAware to see how proactive DNS protection makes all the difference.