Beware! That App You’re Downloading Might Not Be Real

Some apps are not what they seem

  • Cybercriminals copy real smartphone apps and add malware.
  • Android users are most vulnerable to fake apps.
  • The best way to avoid fake apps is to only download them from approved app stores.

Olemedia / Getty Images

The next app you download might look legitimate but actually contain malicious code that can steal your personal information.

A new report has found that cybercriminals are copying real smartphone apps and inserting malware. Cybersecurity firm Pradeo found that hackers are using fake apps outside the official Google Play Store from more than 700 external websites with third-party app stores. It is part of a growing industry of real apps that contain malicious code.

“Popular apps with millions of downloads, like Angry Birds, are prime targets for cybercriminals,” Ray Kelly, a researcher at cybersecurity firm NTT Application Security, told Lifewire in an email interview. “These apps are a direct copy or similar style as the original game to entice users to download it and are typically found in unofficial app stores and are sideloaded without any protections, leaving an unsuspecting user vulnerable.”

Think twice before downloading

The Pradeo report warns that Android users are most at risk from fake apps. Android phones have more unregulated app stores because the design of Google’s operating system makes it easier to download apps from outside the Google Play Store.

The researchers said they found copies of many official apps, including Spotify, ExpressVPN, Avira Antivirus and The Guardian. The app makers claim that the software is free, but in reality they infect mobile devices with malware, spyware, and adware.

In one example, researchers reported finding hundreds of modified versions of the original Netflix app online. More than simply impersonating the company’s name and logo, the interface of the fake Netflix apps looks almost identical to older versions of the original. All of the fake apps had been injected with malware, spyware or adware.

“Code vulnerabilities and a lack of good security practices make it easy for hackers to copy code and inject it into mobile apps,” the report’s authors wrote. “By impersonating well-known apps, rogue apps trick users into stealing their personal information and committing various forms of fraud.”

Users who try to circumvent system requirements are often the ones who end up with fake apps. Android users may find that their phone is too old or incompatible with the Google Play Store, so they head to one of the third-party sites to download the app they’re looking for.

“While people think they’re getting legitimate copies of apps, in some cases these clones are not monitored by any security group and are actually being used by criminals to steal banking and login information,” T. Frank Downs, the senior director of proactive services at cybersecurity firm BlueVoyant, told Lifewire in an email interview. “So regular users may think they are using a banking or shopping app, but they are actually passing important information to these cybercriminals.”

One way fake apps are distributed is through scammers placing ads on social media sites while posing as legitimate companies, Downs said. However, when users click on the ad, they are redirected to a fake website to download an APK file. Sometimes attackers will even reach out through messaging apps like WhatsApp and help victims install the malicious code.

Vasily Pindyurin / Getty Images

Be careful

The best way to avoid fake apps is to download apps from approved app stores such as Google Play Store and Apple App Store. You shouldn’t download apps from people or organizations you don’t know, Downs said.

However, malicious apps can sometimes bypass official app store security controls, Michael Covington, vice president of portfolio strategy at cybersecurity firm Jamf, said in an email interview.

“Users should always pay close attention to apps listed in official app stores for key clues,” Covington said. “Does the app icon look good? It must match the company’s official branding. Does the developer profile look good?”

Take a moment to look at the app company’s official website, Covington said. Be careful if user reviews appear to be fake or negative. You should read the latest reviews as well as negative reviews to familiarize yourself with what other people have to say.

“Don’t rely on the most popular reviews displayed as that can be tampered with,” Covington added. “These are all good signs the app is not the real one.”

Content

Beware! That App You’re Downloading Might Not Be Real

Some apps aren’t what they seem

  • Cybercriminals are duplicating real smartphone applications and inserting malware.
  • Android users are most at risk from fake apps.
  • The best way to avoid fake apps is by only downloading applications from approved app stores.

Olemedia / Getty Images

The next app you download might look legitimate but actually contain harmful code that could steal your personal information. 

A new report finds that cybercriminals are duplicating real smartphone applications and inserting malware. Cybersecurity firm Pradeo found that hackers are using fake apps outside the official Google Play Store from over 700 external websites with third-party app stores. It’s part of a growing industry of real apps that contain malicious code. 

“Popular apps with millions of downloads—such as Angry Birds, for example—are prime targets for cybercriminals,” Ray Kelly, a fellow at the cybersecurity firm NTT Application Security, told Lifewire in an email interview. “These apps are a direct copy or similar style as the original game to entice users to download it and are typically found in unofficial app stores and are sideloaded without any protections, leaving an unsuspecting user vulnerable.”

Think Before You Download

The Pradeo report warns that Android users are most at risk from fake apps. There are more unregulated app stores for Android phones because the design of Google’s operating system makes it easier to download apps from outside of the Google Play Store.

The researchers said they had identified many copies of official applications, including Spotify, ExpressVPN, Avira Antivirus, and The Guardian. The app makers claim the software is free of charge, but in fact, they infect mobile devices with malware, spyware, and adware.

In one example, the researchers reported finding hundreds of modified versions of the original Netflix application online. More than simply impersonating the company’s name and logo, the interface of the fake Netflix apps looks nearly the same as older versions of the original. The counterfeit apps had all been injected with malware, spyware, or adware.

“Code vulnerabilities and a lack of good security practices make it easy for hackers to copy and inject code into mobile applications,” the report’s authors wrote. “By impersonating well-known applications, counterfeit apps trick users into stealing their personal information and committing various frauds.”

Users who try to dodge system requirements are often the ones who end up with a fake app. Android users might find that their phone is either too old or unsupported by the Google Play Store, so they go to one of the third-party sites to download the application they are looking for.

“While individuals think they are getting a legitimate copy of an app, in certain instances, these clones are not vetted by any security organization and are, in fact, used to steal login and banking credentials by criminals,” T. Frank Downs, the senior director of proactive services at cybersecurity company BlueVoyant, told Lifewire in an email interview. “As a result, everyday users can think they are using a banking app, or a purchasing app, but in fact are handing over key information to these cybercriminals.”

One way fake apps propagate is through scammers taking out ads on social media sites, posing as legitimate businesses, Downs said. However, when users click the ad, they are directed to a fake site to download an APK file. Sometimes, attackers will even reach out through messaging apps, like WhatsApp, and help victims install the malicious code. 

Vasily Pindyurin / Getty Images

Staying Safe

The best way to avoid fake apps is by only downloading applications from approved app stores, such as the Google Play Store and the Apple App Store. You should never download applications provided by people or organizations you don’t know, Downs said. 

However, sometimes malicious applications can bypass the official app stores’ security checks, Michael Covington, the vice president of portfolio strategy at the cybersecurity firm Jamf, noted in an email interview.

“Users should always look closely at applications listed on the official app stores for critical clues,” Covington said. “Does the app icon look right? It should match official company branding. Does the developer information look right?”

Take some time to look at the app’s official company website, Covington said. Be wary if the user reviews look fake or are negative. You should read through the most recent reviews, along with those that are negative, to familiarize yourself with what others have said.

“Don’t rely on the most popular reviews displayed as that can be tampered with,” Covington added. “These are all good signs the app is not the real one.”
