Malicious Mobile Apps That Hide Behind Fake Ads

As a result of Covid-19, people are spending more time on their devices, with many of them downloading new apps to pass the time. And boy are the cyber-criminals having a field day with this. Because of the extensive use and integration of mobile devices and applications into many aspects of life, fraudulent apps have become one of today’s most serious cybersecurity concerns.

Examples revealed in 2019, such as adware fake apps that received over 8 million downloads on Google Play, show that fake apps continued to be a top mobile security threat. Fake apps that use baiting tactics like phishing to lure users into installing them are one of the most serious mobile dangers.

FraudWatch International found that the number of malicious apps doubled in the first quarter of 2020 alone.

How Do Fake Apps Work?

Fake mobile apps are Android or iOS apps that imitate the look and/or functionality of authentic apps in order to fool users into installing them. Once downloaded and installed, these apps carry out a number of dangerous behaviors. Some bogus apps are made to aggressively display adverts in order to generate ad income, while others are made to harvest credentials. When you install a third-party app, it requests permission to access your data. Fake apps exploit this to gain access to your personal information, often without your knowledge.

How to spot fake apps

The average smartphone user had 40 apps installed on their phone in 2020, and 36.5 billion apps were downloaded globally in the third quarter of 2020 alone. Given how quickly mobile technology is advancing, with thousands of new mobile apps and technologies made every day, it’s safe to assume cybercriminals will continue to target this market.

In a mobile-first world, users will look for mobile applications associated with their favorite brands. Giving users easy access to legitimate applications through official app stores reduces the risk of them downloading fake applications.

Regularly check the Google Play Store and the App Store. Organizations can monitor the official app stores and report any abuse of their brands to reduce the negative impact of fake apps.

Protect Android and iOS applications. Code hardening and runtime application self-protection (RASP) effectively prevent mobile applications from being cloned and tampered with.
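As an added illustration of the store monitoring described above (not code from the original article), this Python example flags listings whose title or package id resembles an organization's app but does not match its official listing. The brand, package ids, developer names and listings are all constructed for the example.

```python
import re
import unicodedata
from difflib import SequenceMatcher

# Hypothetical brand identity (assumption for this example, not from the article).
OFFICIAL = {"title": "Acme Bank", "package": "com.acmebank.mobile",
            "developer": "Acme Bank Ltd"}

# Constructed store listings, e.g. as exported from a periodic store search.
SAMPLE_LISTINGS = [
    {"title": "Acme Bank", "package": "com.acmebank.mobile", "developer": "Acme Bank Ltd"},
    {"title": "Acmé B4nk – Mobile", "package": "com.acme.bank.free", "developer": "Fast Apps Studio"},
    {"title": "Acme Bnak", "package": "com.quickfin.app", "developer": "QuickFin"},
    {"title": "QR Barcode Reader", "package": "com.tools.qrscan", "developer": "Tools Inc"},
]

# Digit/symbol substitutions commonly seen in lookalike names.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"})

def normalize(text):
    """Fold accents, case, substitutions and punctuation before comparing."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))

def review_listing(listing, official=OFFICIAL, threshold=0.8):
    """Return the reasons a listing looks like an impersonation (empty if none)."""
    if (listing["package"], listing["developer"]) == (official["package"], official["developer"]):
        return []  # the organization's own listing
    brand = normalize(official["title"])
    title = normalize(listing["title"])
    reasons = []
    score = SequenceMatcher(None, brand, title).ratio()
    if brand in title or score >= threshold:
        reasons.append(f"title resembles '{official['title']}' (similarity {score:.2f})")
    if brand in normalize(listing["package"]):
        reasons.append("package id embeds the brand name but is not the official package")
    return reasons

def flag_lookalikes(listings):
    """Map package id -> reasons, for listings worth reporting to the store."""
    flagged = {}
    for listing in listings:
        reasons = review_listing(listing)
        if reasons:
            flagged[listing["package"]] = reasons
    return flagged

if __name__ == "__main__":
    for package, reasons in flag_lookalikes(SAMPLE_LISTINGS).items():
        print(package, "->", "; ".join(reasons))
```

The similarity threshold of 0.8 is an assumed starting point; flagged listings still need a human check before they are reported to the store.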

End-users should avoid downloading from third-party app stores and be attentive to apparent signs of fraud (spelling mistakes in the description, a lack of user reviews, sloppy interface design, etc.) when downloading from an official store. But end-users are not the only victims of fake applications. Organizations can suffer substantial financial and reputational damage when their mobile applications are cloned and their brands associated with fraud.

Don’t believe me?

Two such apps were Android barcode reader apps that were downloaded over one million times around the world. These dubious apps were able to operate in the background even when the phone wasn’t being actively used by its owner. In addition, the apps were able to disguise themselves by making themselves appear to be other (legitimate) apps. The apps in question have since been removed from the Google Play Store.

However, constant vigilance is required, as illustrated by the fact that similar malware had previously been discovered within other apps – including children’s apps – on Google Play Store.

Avalon Siegel

Project manager at Cubed Mobile, who knows everything about time management and tough deadlines
