<img src="//bat.bing.com/action/0?ti=5163419&amp;Ver=2" height="0" width="0" style="display:none; visibility: hidden;">

Nextech Blog

Fake Apps & Rogue Software: The Growing Security Threat, Pt. 1

Posted On 06/29/2015 by Nathan Brown

Real-or-Fake.pngForgeries, fakes, and counterfeit products have been around for thousands of years.  About 2,000 years ago, Roman sculptors were copying preexisting sculptures from the ancient Greeks.  Of course, back then, no one really cared that the statues weren’t authentic.  They just liked how the sculptures looked and copies were more affordable than the rarer originals.  In 1496 Michelangelo, the legendary Renaissance artist (just in case you thought I meant the ninja turtle) was hired by an unscrupulous art dealer to create a fake reproduction of what was supposed to be an “ancient” Cupid statue.  The dealer who then sold the work was later caught for selling the fake and was forced to refund the buyer’s money.  Luckily for Michelangelo, he was allowed to keep his fee.

Fast forward to the Information Age of today, where the art of forgery has invaded the digital world in the form of fake mobile apps and rogue security software.  Thousands of people unintentionally download such programs every day.  If they’re lucky, they only downloaded a fake program that didn’t actually do anything and just found themselves out a bit of money.  More than likely, though, the download came with a nasty little “gift” they didn’t count on—such as a virus, adware, spyware, malware or even worse… ransomware (a fairly new cyber security threat that can cause any infected device to be disabled, or “remotely locked,” allowing cybercriminals to demand a monetary “ransom” from the user for them to “unlock” it).

Free Apps, Fake Apps, & Other Scary App Things

A digital milestone occurred in 2014, when mobile devices and apps overtook personal computers as the primary tools used to access the internet in the United States.  Mobile devices made up 55 percent of all internet traffic in Jan. 2014, and mobile device apps accounted for 47 percent.  Meanwhile, internet traffic from PCs fell to a 45 percent minority of all internet traffic.

This really shouldn’t be all that surprising, if you look at how technology has rapidly changed in recent years.  According to a 2014 study by PEW research, 64 percent of U.S. adults own smartphones and 42% own tablets.  Once apps became the main way we access the internet, unfortunately, it was only a matter of time before cybercriminals stepped in to take advantage.  In the past, smartphones were considered somewhat immune to viruses and malware as PCs made for much easier targets.  However, this has begun to change in recent years. Smartphones can no longer be considered better protected from hackers or malware than PCs.

Encounters with malware among Android device users rose 75 percent in 2014.  Overall encounters with ransomware also reached unprecedented levels in 2014.  In fact, two scripts of ransomware (ScarePackage and ScareMeNot) were ranked among the top five most frequently encountered mobile threats for that year (in both the U.S. and certain European countries).

Why such a sudden and significant spike?  To put it simply, it’s because of all the apps.

Well… perhaps that’s not fair.  It isn’t all of the apps.  It’s mainly the free and fake apps that are causing all the problems.  And it’s not all the free apps, either… just a minority of bad apples.  But you know what they say about bad apples.

You may now find yourself thinking about some of those free apps you’ve downloaded over the years.  Don’t worry… there’s no need to freak out just yet… you’re probably fine.  This is especially true if you are an iOS/Apple user.  The crew over at iTunes have a pretty strict vetting process for both new and updated apps.  As a result, very few malware-laden apps make it into the iTunes store, and the handful that do seem to get caught pretty quickly.  The same cannot be said of the Android app stores, such as Google Play, unfortunately.  They’re far less strict with app releases, and this has led to quite a lot of occurrences of fake or free apps loaded with spyware, malware or ransomware.

Back in February of this year, for example, a card game app sold on Google Play called Durak was found to contain malicious code.  The scary part about the whole thing is that no one figured out the app was loaded with spyware and adware until it had already been downloaded more than 5 million times.  The adware remained dormant until the user rebooted the phone, then it would sometimes cause a popup to occur that claimed the user’s device was infected with malware (which, technically, would be true).  It would then lead the user to free “security” apps that were actually just more disguised malware (we’ll look more closely at rogue security programs later in the second half of this series).

Fake apps, both free and for-pay, are just as big a problem.  Just last year, a study by Trend Micro recorded the existence of at least 890,482 fake apps on the market.   After examining the top 50 free apps on Google Play, they found that no less than 77 percent of them had fraudulent or “copycat” versions elsewhere in the store.  Take, for example, the apps shown in the below image (taken from the Google Play store in 2014).  Two of them are labeled “Mozilla Mobile,” and even display what appears to be the Mozilla Firefox logo.  However, both of these apps are fakes.  The legitimate app is called “Firefox Browser for Android.”  The “Kaspersky Mobile” app in the image, which displays a similar but unauthentic version of the Kaspersky Labs logo, is also a fake.  The logos on real Kaspersky Labs apps are actually an aqua green color.

free_and_fake_apps.png 

Most of these fakes, especially those offered for free, contain malware.  Some are just trying to make a dishonest buck by counterfeiting real apps and fooling users into paying for their fakes (which, if you’re lucky, do nothing).  For example, another app in the provided image—Virus Shield.  While it is no longer available for purchase, this “mobile security app” caused quite a ruckus not too long ago.  Uploaded to the Google Play store on March 28, 2014 by Deviant Solutions, the so-called “Virus Shield” app sold for $3.99 a download on the Google Play store.  Within 10 days, the app was downloaded over 30,000 times.  It was briefly the #1 most popular paid app on the Google Play store. 

Buyers of the app believed they had purchased an antivirus program that was capable of scanning for and removing viruses and assorted malware from their devices.  What they actually bought, unfortunately for them, was nothing more than an app with a pretty icon that, when tapped, would open an animated graphic that made it appear as if the app was working.  It wasn’t.

That’s right… in reality, the Virus Shield app was 100% useless.

When it came to virus scanning, it didn’t do anything.

Nothing.

Zilch.

Nada.

Zero.

Later on, investigators figured out that Deviant Solutions was actually owned (much to Google’s embarrassment) by a 17-year-old kid in Texas by the name of Jesse Carter who, up until that point, was somewhat well known in various gamer communities for his ability to hack online role-playing video games. Some estimate that Carter was able to bank roughly $50,000 dollars from sales of the fraudulent app before he was shut down.

Deviant Solutions and Carter have since apologized and tried to save face by claiming that they truly intended to upload a working version of the app but uploaded the wrong version due to a “foolish mistake.”   The damage to their brand reputation is already done, however.  The Virus Shield app was removed from the market and anyone who purchased it received a full refund (from Google).  Hoping to lessen the damage to their app store’s reputation, Google also went a step further and gave all users who bought the app an additional $5.00 voucher that could be used in the Google Play store.  Sadly, Carter’s action have also damaged the brand reputation of another company, Deviant Solution Group, who actually build legitimate and useful apps.  However, due to the name similarity they are often mistakenly thought to have been associated with Carter’s actions (they were not).

Avoiding the App Trap

Here are two simple tips for avoiding dangerous, fake, or fraudulent apps:

  1. Look at the User Reviews: Always look at the user reviews, even if just briefly, before you download an app. By this, I mean look at them closely, and not necessarily just for what they say. For example, if an app only has 1,000 downloads and yet somehow it magically has 2,500 5-star reviews… this obviously means that most (if not all) of these reviews are fakes. On the flip side, always take look at the 1-Star and 2-Star reviews and scan them for mentions of certain red flags, such as “This app requires you to give it a review before you can even open it,” or “This app is just a portal to YouTube, so they’re charging for a service that’s already free on the YouTube app.”
  2. Make Sure the Developer’s Name Matches Up: This is a big one. You see, the developers of these fake apps can rip-off the names of other apps.  However, they can’t so the same when it comes to the developer name.  The developer name can usually be found in the area labeled “Published by” or “Developed by.”  Let’s say, for example, you find an app that looks legit and claims to be “Amazon for Mobile” but the developer name is ShockJockLabs, LLC.  Any authentic Amazon app, it stands to reason, would be developed and published by Amazon.

Thank you for reading the first half of this blog series on identifying and avoiding the pitfalls of fake mobile apps and rogue security software.  In the second and final article, we will be taking a look at the various problems being caused by the increasingly widespread occurrence of rogue security software and “AV malware” apps.

Interested in adopting BYOD? Click here to get started.

Topics Security