Fake apps are apps created by cybercriminals to cause harm to users and their devices. They are designed to resemble legitimate apps but instead carry out malicious activities. These activities include monitoring your activity, installing malware, showing annoying ads, or stealing your personal information.
How does fake apps work?
Fake apps can be distributed in various ways. They can be hosted on third-party app stores or fake app stores. Cybercriminals can even use official app stores to distribute fake apps, despite the security measures in place.
A cybercriminal can register themselves as a developer on any app store, download a legitimate app, and rewrite it using malicious code. Then, they can upload their fake app to the app store.
While Google says it reviews all apps and developers, it is still possible for malicious apps to appear in the Google Play Store. Google constantly removes fake Android apps from the Play Store, including fake antivirus, browsers, and games. While Apple’s App Store only allows vetted applications, it is reported to sometimes still host fake apps. From the point of view of the attackers, mobile devices are ideal targets – they travel almost everywhere with their owners, contain details about their private lives and the infections are very difficult to prevent or detect.
Sometimes, fake apps are circulated through social engineering campaigns. For example, scammers may use emails or SMS messages that appear to be from your bank, credit card company, or other brands to trick people into downloading applications that will compromise their data. Sometimes fake apps may pose as a fake Android update or a security update, but clicking on the links may lead to your information being stolen.
