The existence of fake mobile apps poses privacy and financial risks to users of the mobile web. As experts figure out the dangers of the consumerization and the lack of security of mobile devices, fake apps continue to grow.
Fake apps usually ride on the popularity of legitimate apps—for example, recently fake emails said that users had received voice mail from WhatsApp. These fake messages try to trick users to download them onto their mobile devices, from which they usually perform a combination of these malicious routines:
- send text messages to premium-rate numbers,
- steal data,
- control device for botnet operations,
- alter default text and background,
- lock device,
- send GPS location, and more.
Russia, a Big Fake Apps Player
Recent Trend Micro research on SMS fraud found that fake apps that abuse premium mobile services have their roots in Russia and are expanding from there. Russia is the top target for premium service abusers in part because there are few standard app stores in the country, which makes third-party app stores popular.
Figure 1. Countries most affected by SMS fraud
Cybercriminals will continue to broaden their coverage to other countries and regions. Given the lucrative ways that mobile devices can be abused, it is highly likely that many cybercriminals will move to mobile platforms as their primary income source. This month’s mobile review talks about why searching for popular apps is becoming dangerous – thanks to fake apps.
Inside a Premium Service Abuse Infection
Fake apps that abuse premium mobile services go through a series of stages before enrolling a user without their consent. Our infographic The High Cost of Premium Service Abusers conveniently explains the four stages of a premium service abuse infection and why downloading these apps is just the first of a list of concerns.