Fake mobile apps. How to protect yourself?

Fake mobile apps. How to protect yourself?
Fake apps, Android, iOS, Mobile malware, App Store, Google Play Store
Written by Wilbur Woodham
People got so used to all the technologies out there in the world that they often forget: the device in your pocket is a computer million of times more powerful than the systems used for the moon landings in 1969. Incredible, isn’t it?

You’ve probably heard about those fake banking mobile apps. They’re ones which pretend to be from some legit bank but actually perform quite deceptive actions. They actually belong to the banking trojan malicious apps family. But it’s not enough to talk only about these. There are not only fake banking apps but a whole range of ones that try to fake different stuff. We will walk you through them so you would know what they are, and how they work. You will learn the most common signs of malicious or fake apps presence. Additionally, you will see what are the most common kinds of such apps, and do they only affect Android or iOS as well. Finally, we’ll answer the most important question – how to stay away from them?

Short statistic on mobile apps usage

Before we start with the main questions I want you to know the following interesting statistics on this topic. Currently, in the world there are almost 6.3 bln smartphone users1 and that’s nearly half of the total population on Earth. With such growth, the downloads of mobile apps are steadily growing too. For the period from 2016 to 2020 the number of downloads of mobile applications for the quarter increased by more than 1.5 times – from 20 billion to 36 billion. In total, over 204 billion downloads were made in 2020. The number of mobile applications in stores is growing as well. According to statistics, about 100,000 new apps for Google Play and 30,000 apps for the App Store appear every month.

Naturally, in places where information technologies are used so massively you can meet numerous cyber fraudsters. Obviously, there will be more of them than elsewhere. Their main purpose is information stored on phones, which can be both personal (photos, copies of documents, bank card data) or work-related. Sometimes leakage of certain types of such information can be extremely unpleasant for their owner. For a long time attackers used social engineering and other similar techniques to steal information. They devised to some degree sophisticated kinds of schemes. But nowadays everything is much more simple: all you need is for the user to download a fake application on their device that will pretend to be real. It can even be with real functions but it will also silently perform certain malicious functions.

Fake and legit WhatsApp

Legit and fake WhatsApps in Play Market

However, such programs are also engaged not only in data theft, but also in cryptocurrency mining, advertising fraud, etc.
Of course, Google Play and the Apple Store do not look indifferently at cybercriminals creating apps with illicit purposes. They are actively fighting such programs: apps are reviewed before publication, and also periodically later. But the reality shows even this is not enough to completely screen out fraudulent applications.

What are common signs of malicious or fake mobile apps presence?

It’s never too late to check everything once again. Even if you are sure you don’t have any mobile malware on your device. Maybe that quick battery drainage comes directly from some kind of malware hiding in your phone. Of course, there may be plenty of reasons for that fast discharge, but malware activity may be one of the reasons. So here are some warning signs you should pay attention to in case they appear. It should be mentioned that the signs are common both for iOS and Android.

High CPU temperature

High CPU usage and temperature caused by malware

Long-term effects of malware presence

  • Device temperature. If you noticed that your device temperature rises when it’s in an idle mode then the sure thing might be that your device has actually got an infection. Basically, it could mean that computation and communication are happening beyond the typical background alerts and updates. Especially when idle your device should not be that hot. When it’s the case then it means both the processors and the power are being consumed by something.
  • Battery life reduction. It often happens when you use an older version of a mobile device you start to think that it’s quite normal for a mobile battery to get older and discharge faster as well. But the case might be that some malware on your phone drains all the juice from the battery.
  • Speed reduction. Some types of malware primarily target the computing power of your device. Modern smartphones and tablets boast the powers of what you would call a supercomputer a decade ago. And if you are not that much of a gamer or multitasking person the high usage of computational powers should definitely alert you. In addition, you might notice that apps take longer to respond or web pages pause before continuing to load. The same as with the other cause for mobile malfunction there could be different reasons but you have to consider malware as well.
  • If that thing happens for a long time, you will likely detect an irreversible effect – wear. In particular, your battery is in danger. Since the charge in the electrolyte, as well as its conductivity, depends on the temperature, the long-time overheating may lead to a sharp decrease in the peak battery capacity. In very rare cases it may even lead to battery explosions.

    Visual symptoms

    Duplicated apps

    Multiplicated Play Market is not normal

  • New or duplicated applications. If a new app appears on your phone and you actually don’t remember downloading it then it could be that the malware present on your device had already downloaded it or it`s the malware itself.
  • Sudden pop-ups. It’s no wonder to see a pop-up ad from time to time on your mobile phone. The only attention we give them is just clicking them away. But the presence of the thing might hint at the presence of malware. Besides that, it can also add unwanted bookmarks or website shortcuts to your home screen avalanching you with tons of pop-ups and all to lure you to click the advertisement. Some of these notifications when you click on them can install additional portions of malware. So it’s better not to follow them even from pure interest unless you have enough skills to recognize and avoid the viruses.
  • Banners that cover your home screen. The vast majority of malicious apps send you pop-up messages – it is much easier to make such a program. However, some of them can spam you with the banners that cover your main screen. Moreover, tricky crooks can hide the cross symbol that closes this banner. Therefore, you will just be forced to press the ad and give the fraudsters their penny. Fortunately, it is a pretty rare tactic. And don’t be confused with the same banner ads on Xiaomi devices – they have the built-in advertising app2, that shows you similar banners. It is annoying, but legitimate, and you can disable it any time.
  • What are the most common kinds of malicious and fake mobile apps?

    Cybercriminals exploit different types of mobile malware, since the purpose of their activities is different. Mobile devices nowadays are used more actively than desktops or laptops, hence their chance to get more personal or valuable information is bigger. That’s why there is a strict division on malware for money and malware for the valuable info.

    Malware for private information

  • Banking Trojans. As the popularity of these kinds of apps is on the rise, the same goes for cybercriminals. They embrace the opportunity and actively create fake apps that hide within themselves a banking trojan for stealing credentials. Cybersecurity experts say that revenue from such apps can sometimes be quite substantial.
  • Ransomware. This type of mobile malware is an amalgamation of two. Most of the samples do not just block your screen or cipher your files. It also steals the data before the encryption. The user pays the money, and then receives the codes to unlock the phone. Fortunately, it is quite rare on mobile devices, and in the case of locker, can be removed easily. However, the “classic” ransomware variants are as dangerous as their PC contemporaries.
  • Android ransomware examples

    Android Screenlockers – the peculiar variant of ransomware

  • Backdoors. Threat actors often distribute this kind of malware as trojan programs hidden within games or customization tools. Cybercriminals use them to redirect network traffic through an encrypted tunnel to a third-party server. Most likely they will use it for sending phishing emails, conducting DDoS attacks, exploiting traffic for ad click revenue. Users may delete the app with malware hidden but the backdoor will stay in the device continuing the malicious work.
  • Remote Access Tools (RATs). Cybercriminals use this kind of app to get broad access to victims’ device data and even conduct prolonged intelligence surveillance. With RATs cybercriminals can get access to such information as SMS data, web browsing history, address books, call history and installed applications. RATs may also allow cybercriminals to enable device cameras, send SMS messages and log GPS data.
  • Just making money on you

  • Fake Applications. That is the specific category of apps that intentionally mimic those popular ones by copying every detail. They will have the same images, music and load screens as the legitimate app. But their purpose is either to redirect users one more time to download other malicious apps like mobile miners or spyware.
  • Mobile miners. Mobile phones are everywhere, they are easily infected and with the power they pose, threat actors can successfully exploit them for mining. The mining can make your device unusable, and even damage the hardware elements causing overheating.
  • Advertising Click Fraud. Simply an app that generates income for cybercriminals through fake ad clicks.
  • Fake ads on Android

    The example of fake ad demostrated by adware

  • Browser exploits. A part of a suspicious app that overtakes control of your browser and the apps that work within it such as PDF reader. May lead to any type of infection, including the installation of other malicious apps.
  • Users should know that the list could never be enough written because often the kinds of malicious apps overlap with one another combining several features, for example, a fake app can also be a trojan virus or RAT.

    How to avoid malicious and fake apps?

    Even though cybercriminals won’t give up creating malicious and fake apps, you can protect yourself from them and their apps by simply knowing the most common ways they get to you.

    The first and the most obvious rule is to download any app only from the official stores, no side downloads. Usually, cybercriminals put their “traps” on various sites with freeware. These murky sites offer the highest chances possible that someone will eventually download the app. If it’s not the official app store then look for the legitimate site of the app you wish to download.

    But even if you download something from an official app store it would not be odd to check the reviews, the official website of a developer, rates. On the official website for the app, you can also find a link that will redirect you to this specific app in the app store so you won`t need to find the app by yourself.

    Avoid the apps that are blocked in your country. Most likely the ones you will find on the app store are just the counterfeits.

    Things to pay attention

    Before downloading look carefully at what types of access the app is asking. A simple calculator won’t need access to your contact list. Go through each app that you have on your phone and see what access they have been granted. Delete the apps that you no longer use.

    Don’t forget to update the software regularly. I mean both operating system and third-party applications. It will make you protected against the latest uncovered vulnerabilities.

    Don’t root your device as it puts your security in more danger than before. Rooting or jailbreaking your phone means that the internal protection of the device has been surpassed and the user now has unrestricted access to the operating system. People do this in order to install third-party apps that their operating system won’t support or they make certain customization that was not possible with the default protection.

    You see the cyberworld as the real one is full of danger but the right knowledge will guide you truthfully. The practice shows that mobile devices can fall in danger the same way as your PC and is in most cases your main device can put you in danger as well.

    User Review
    0 (0 votes)
    Comments Rating 0 (0 reviews)


    1. See the stats about the number of smartphone users on Statista.
    2. Thread on Quora about the advertisements in the new MIUI firmware.
    Fake mobile apps. How to protect yourself?
    Fake mobile apps. How to protect yourself?
    We used to trust the apps in the Google Play Store and App Store. But can you even suppose that there are so many malicious counterfeits on these platforms? See how to recognize&avoid them.

    About the author

    Wilbur Woodham

    I was a technical writer from early in my career, and consider IT Security one of my foundational skills. I’m sharing my experience here, and I hope you find it useful.

    Leave a Reply