FakeApps World

Today, a term smartphone is in fact used in every person’s vocabulary. The use of modern technologies is a standard which cannot be denied. The ownership of such products is a commonplace in the society and a kind of social status by using particular brands and their iconic devices.

The spread of mobile devices has boomed over the last few years and has grown not only into rapid technology development but also into development and distribution of different applications used by these devices. The word application is used as a synonym for functions of mobile phones, tablets or notebooks which facilitate our work, entertain us or help us in communication with other people.

Playground for Hackers

A mass distribution and production of applications has its dark side too. Unfortunately, along with useful applications there are so called FakeApps disseminated on the Internet or applications which fail to meet the stated purpose and their aim is to spread a malicious code on an infected device. Their growth is almost identical with the growth of legitimate applications and so the users often cannot distinguish which application performs defined functions.

The aim of such applications is various. In many cases there are applications which spread so called adware, i.e. a malicious code intended for spreading of unwanted ads. But via such fake applications the attacker can spread much more dangerous malware which without the knowledge of the user retrieves sensitive data in the smartphone; it enables the attacker to use for example the camera or abuse the devices for distributed DoS attacks. The range of options is almost unlimited and the production and distribution of such applications is becoming more sophisticated.

An example from the recent past – attackers created the application called “Update WhatsApp Messenger”. In order to pretend the application legitimacy, they used the Unicode trick and put a blank space after the name of the application manufacturer in the form of a special character which had not been visible in the name of the application manufacturer. So, the application gave the impression of being directly from the WhatsApp manufacturer. More than million users downloaded the application from the virtual official Google store. Since the users trusted the manufacturer and believed that the application was produced by that very company, they downloaded the application on the assumption that it was the update of a well-known communications tool. Luckily, it was just adware which was spreading the unwanted ads. But it is not enough to satisfy with the fact that the Google Company deleted the application from its store and also the majority of users deleted the application. Such examples can be considered as a sufficient reminder of how to access the individual applications in virtual stores.

Protect Yourselves

Protection against unwanted applications is very simple. All you need to do is follow the simple rules:

  1. Verification of the application legitimacy is the basic element. You should not rely on the fact that the application “looks” like the real one in the virtual store. Search the manufacturer’s website on the Internet and make sure that the application was produced by him.

  2. Study in detail which permissions the application asks for during the installation. If you find strange that a game asks for permission to access the camera, your contacts or changes in phone memory, it can be a malicious application. Search an alternative, read reviews or do not install at all the application.

  3. Use the security features of virtual stores. For example the Google Company which runs the Google Play Store has created the Google Play Protect in order to protect the users against downloading and spreading of malicious applications. That applies to devices of the Apple Company as well – protection against unwanted applications is provided directly by the company.

  4. Do not install applications from unverified sources. Though, many devices support the installation of applications from other sources than is a default virtual store but without a previous thorough check it is not wise to install such applications.

The world of applications is wide and offers a lot of clever functions which facilitate our lives. However, we can observe efforts to breach trust between the user and the application manufacturer through the production and distribution of fake and malicious products. Nevertheless, it is possible to fight against such attacks – by checking, verification and use of official applications from the trusted manufacturers whose number is still sufficient.

(Author: SK-CERT)

« Späť na zoznam