
Beware! That App You’re Downloading Might Not Be Real

Some apps aren’t what they seem.

  • Cybercriminals clone real smartphone applications and inject malicious code.
  • Android users are most at risk from fake apps.
  • The best way to avoid fake apps is to only download applications from approved app stores.

Malware detected warning screen as abstract binary code 3D digital concept.

Olemedia / Getty Images

The next app you download might look legitimate but contain malicious code that can steal your personal information.

According to a new report, cybercriminals are cloning real smartphone applications and injecting malware. Cybersecurity firm Pradeo found that hackers are distributing fake apps outside the official Google Play Store through more than 700 external websites with third-party app stores. It is part of a growing industry of real apps that contain malicious code.

“Popular apps with millions of downloads, such as Angry Birds, for example, are prime targets for cybercriminals,” Ray Kelly, a fellow at cybersecurity firm NTT Application Security, told Lifewire in an email interview. “These apps are a direct copy or similar style as the original game to entice users to download it and are typically found in unofficial app stores and are sideloaded without any protections, leaving an unsuspecting user vulnerable.”

Think Before You Download

The Pradeo report warns that Android users are most at risk from fake apps. There are more unregulated app stores for Android phones because the design of Google’s operating system makes it easier to download apps from outside the Google Play Store.

Researchers say they have identified many copies of official apps, including Spotify, ExpressVPN, Avira Antivirus, and The Guardian. The app makers claim the software is free of charge, but in fact, they infect mobile devices with malware, spyware, and adware.

“Code vulnerabilities and a lack of good security practices make it easy for hackers to copy and inject code into mobile applications.”

In one example, researchers reported finding hundreds of modified versions of the original Netflix application online. Beyond impersonating the company’s name and logo, the user interface of the fake Netflix apps looks almost identical to older versions of the original. All the fake apps had been injected with malware, spyware, or adware.

“Code vulnerabilities and a lack of good security practices make it easy for hackers to copy and inject code into mobile applications,” the report’s authors wrote. “By impersonating well-known applications, counterfeit apps trick users into stealing their personal information and committing various frauds.”

Users who try to bypass system requirements are often the ones who end up with fake apps. Android users may find that their phone is too old or not supported by the Google Play Store, so they go to one of the third-party websites to download the application they want.

“While individuals think they are getting a legitimate copy of an app, in certain instances, these clones are not vetted by any security organization and are, in fact, used to steal login and banking credentials by criminals,” T. Frank Downs, senior director of proactive services at cybersecurity firm BlueVoyant, told Lifewire in an email interview. “As a result, everyday users can think they are using a banking app, or a purchasing app, but in fact are handing over key information to these cybercriminals.”

One way fake apps are distributed is for scammers to post ads on social media sites posing as legitimate companies, Downs said. However, when the user clicks on the ad, they are redirected to a fake website to download an APK file. Sometimes attackers will even reach out through messaging apps like WhatsApp and help victims install the malware.

Cropped image of computer hacker using smartphone and computer.

Vasily Pindyurin / Getty Images

Staying Safe

The best way to avoid fake apps is to only download applications from approved app stores like Google Play Store and Apple App Store. Downs said you should never download an application from a person or organization you don’t know.

However, Michael Covington, vice president of portfolio strategy at cybersecurity firm Jamf, said in an email interview that malicious apps could bypass the official app store’s security review.

“Users should always look closely at applications listed on the official app stores for critical clues,” Covington said. “Does the app icon look right? It should match official company branding. Does the developer information look right?”

Take the time to check the app’s official company website, Covington said. Be wary if user reviews look fake or are negative. You should read the latest reviews along with the negative ones to familiarize yourself with what others have said.

“Don’t rely on the most popular reviews displayed as that can be tampered with,” Covington added. “These are all good signs the app is not the real one.”


More information

Beware! That App You’re Downloading Might Not Be Real

Some apps aren’t what they seem

  • Cybercriminals are duplicating real smartphone applications and inserting malware.
  • Android users are most at risk from fake apps.
  • The best way to avoid fake apps is by only downloading applications from approved app stores.

Olemedia / Getty Images

The next app you download might look legitimate but actually contain harmful code that could steal your personal information. 

A new report finds that cybercriminals are duplicating real smartphone applications and inserting malware. Cybersecurity firm Pradeo found that hackers are using fake apps outside the official Google Play Store from over 700 external websites with third-party app stores. It’s part of a growing industry of real apps that contain malicious code. 

“Popular apps with millions of downloads—such as Angry Birds, for example—are prime targets for cybercriminals,” Ray Kelly, a fellow at the cybersecurity firm NTT Application Security, told Lifewire in an email interview. “These apps are a direct copy or similar style as the original game to entice users to download it and are typically found in unofficial app stores and are sideloaded without any protections, leaving an unsuspecting user vulnerable.”

Think Before You Download

The Pradeo report warns that Android users are most at risk from fake apps. There are more unregulated app stores for Android phones because the design of Google’s operating system makes it easier to download apps from outside Google’s Play Store.

The researchers said they had identified many copies of official applications, including Spotify, ExpressVPN, Avira Antivirus, and The Guardian. The app makers claim the software is free of charge, but in fact, they infect mobile devices with malware, spyware, and adware.

“Code vulnerabilities and a lack of good security practices make it easy for hackers to copy and inject code into mobile applications.”

In one example, the researchers reported finding hundreds of modified versions of the original Netflix application online. More than simply impersonating the company’s name and logo, the interface of the fake Netflix apps looks nearly the same as older versions of the original. The counterfeit apps had all been injected with malware, spyware, or adware.

“Code vulnerabilities and a lack of good security practices make it easy for hackers to copy and inject code into mobile applications,” the report’s authors wrote. “By impersonating well-known applications, counterfeit apps trick users into stealing their personal information and committing various frauds.”

Users who try to dodge system requirements are often the ones who end up with a fake app. Android users might find that their phone is either too old or unsupported by the Google Play Store, so they go to one of the third-party sites to download the application they are looking for.

“While individuals think they are getting a legitimate copy of an app, in certain instances, these clones are not vetted by any security organization and are, in fact, used to steal login and banking credentials by criminals,” T. Frank Downs, the senior director of proactive services at cybersecurity company BlueVoyant, told Lifewire in an email interview. “As a result, everyday users can think they are using a banking app, or a purchasing app, but in fact are handing over key information to these cybercriminals.”

One way fake apps propagate is through scammers taking out ads on social media sites, posing as legitimate businesses, Downs said. However, when users click the ad, they are directed to a fake site to download an APK file. Sometimes, attackers will even reach out through messaging apps, like WhatsApp, and help victims install the malicious code. 

Vasily Pindyurin / Getty Images

Staying Safe

The best way to avoid fake apps is by only downloading applications from approved app stores, such as the Google Play Store and the Apple App Store. You should never download applications provided by people or organizations you don’t know, Downs said. 

However, sometimes malicious applications can bypass the official app stores’ security checks, Michael Covington, the vice president of portfolio strategy at the cybersecurity firm Jamf, noted in an email interview.

“Users should always look closely at applications listed on the official app stores for critical clues,” Covington said. “Does the app icon look right? It should match official company branding. Does the developer information look right?”

Take some time to look at the app’s official company website, Covington said. Be wary if the user reviews look fake or are negative. You should read through the most recent reviews, along with those that are negative, to familiarize yourself with what others have said.

“Don’t rely on the most popular reviews displayed as that can be tampered with,” Covington added. “These are all good signs the app is not the real one.”



Synthetic: Vik News

Đỗ Thủy

I'm Do Thuy, passionate about creativity, blogging every day is what I'm doing. It's really what I love. Follow me for useful knowledge about society, community and learning.
