A recent study by Trend Micro shows that there is a constantly growing number of fake apps masquerading as official ones in order to steal private data from your Android mobile. The online app stores have been invaded by hundreds of thousands of fraudulent apps.
Founded in 1988, Trend Micro is a Japanese security software company based in Tokyo. This corporation is also a certificate authority and member of the CA/Browser Forum, a professional organization that provides Internet security standards for web browsers.
In their study, Trend Micro identified the first 50 apps from Google Play Store then searched for them on Google app store and other sources in order to verify the existence of fake versions. 77% of the apps had at least one fake that resembled the original and offered the same functionality, but served malicious purposes. In total, 890.482 fake apps were indexed in April, and the number is rising steadily. More than half of these fake apps were considered to be malicious, from which 394.263 turned out to be malware and 59.185 were regarded as highly aggressive adware.
Ironically enough, the most common type of fake apps is antivirus software praying exactly on those who seek protection from them. The logic behind this is that every antivirus needs administrative privileges, which make the fake app much harder to remove and give it access to a wider array of information. Since the Android world seems to be much more dangerous than anticipated, here are some of the things that you should be on the lookout for:
Facebank - a mobile banking malware that mimics the mobile banking app used by the owner. This malicious banking app with Trojan-like behavior monitors the baking habits of the unsuspecting user, then spoofs his banking website and steals the login information.
Fake Gaming Apps – these apps take advantage of the success some games have and offer fake sequels or cheats. They generally gather personal information from the targeted phone or push some aggressive adware.
Premium Service Abusers – these nasty little things use fake apps to subscribe the user to some expensive services without actually asking for his or her consent. Generally, the unsuspecting victim will only notice that something is up after the harm has already been done. WhatsApp, the cross-platform messaging application, served as a spam lure duping users into downloading premium service abusers.
Mobile Phishing – this kind of attacks comprises of spoofing (faking) a website, then copying the private information like credit card numbers, social security numbers, etc. that the user types in. PayPal had a serious problem with this during the 2012 holiday season, and the problem remained well into 2013.
With so many fake apps and threats, Android phones are becoming harder and harder to protect. The study by Trend Micro revealed the dangers hidden in on-line apps stores, but how many others are on the way?