Fake apps flood the App Stores, posing significant risk to users
According to the DerSecur mobile threat research
team, in the first three quarters of 2023, there was a 32% increase in fake
applications impersonating popular services. The team analyzed 372 applications
and noticed that banking and cryptocurrency applications are the most common
targets. Many gaming applications are also exploited to install malicious code
on users' devices.
With more people turning to digital content, the
mobile application market is becoming a new target for cybercriminals. More
often than not, their goal is to steal users' credentials or payment data and
spread malware.
Dan Chernov advises users to check several critical
parameters when installing an app to protect themselves:
- The developer's name. Is it someone you can
trust?
- The number of downloads. The more, the better.
- Reviews. Do they look credible?
- The application's update history. Keep in mind
that on average, a fake app remains in the store for 64 days.
Developers
One of the reasons for the proliferation of fake
apps is the accessibility of ChatGPT. This tool makes it easy to build a mobile
app even for those with minimal coding knowledge. Dan states that
"Revolutionizing the tech world, ChatGPT now makes mobile app development
accessible to all. This unparalleled breakthrough empowers even complete
beginners to craft their applications guided by intuitive coding and real-time
error debugging."
This highlights a trend of rapid and relatively
effortless development of counterfeit applications. As we find ourselves amid
this new era, there is a surge in the number of malicious applications in app
stores. Nowadays, even an untrained teenage hacker could create a fake app in a
few days. Dark Web malware templates and artificial intelligence services are
available to generate convincingly authentic replicas of existing apps. And the
rest is simple - just post them across users' favourite platforms.
The main goal of a fake app is to mimic the
appearance and functionality of the original, enticing users to download it.
Fake apps' names can differ by only one to two letters from the legitimate
versions. This means that it's imperative for users to verify spelling accuracy.
Reviews
Examining the tone of user reviews can also
provide valuable insights. Negative reviews may highlight potential issues,
while plenty of positive reviews might hide manipulation, as cybercriminals
know how ratings and reviews impact user choices.
Dan Chernov further explains, "By entering a
login and password into a fake app, users grant access to all personal
information stored on their devices. Thus, it is crucial to meticulously review
all requested permissions before granting access. Cyber hygiene practices, such
as two-factor authentication, create an extra layer of data protection".
"Keeping applications up to date and ensuring that
installations and updates are always done through official stores is vital.
Antivirus software provides additional protection, helping detect and
eliminate viruses in real time."
To verify an application's authenticity, you may
visit the developer's official website and download the app directly from the
store link provided there.
For extra control, use app security control tools
such as DerScanner. Make sure to use a product that combines
static, dynamic, and software composition analysis (SAST, DAST, SCA). This mix
of tools can discover malicious and vulnerable applications within minutes.