Stay up to date

Stay up to date

Mobile Application Security

Impostor Apps Put Android Users At Risk

Picture of Roxane Suau
By Roxane Suau on August, 7 2017

In an article published in March, we were informing you about the risks behind malicious clones of popular applications. Five months later, impostor apps are still trying to access our data and to target more users.

When a game like GTA San Andreas charms millions of players, it also catches the attention of many malware creators, who see an opportunity to create clones that imitate the app’s appearance but house one or several malwares.

Applications malicious clones, ranging from stylistically similar to perfect copies, ask for more permissions than the original apps to perform their malicious activities. Knowing that on almost every Android versions, permissions are automatically approved when installing an application and that users pay little attention to them, it is quite easy for bad intentioned people to access users’ data.

Hidden under familiar and trusted names such as “Word” or “Virus killer”, here are a few examples of impostor apps and their true nature:

microsoft-word-app.jpeg

App name: Word

Malware type: Banking malware, collects user’s bank info and send it to a remote entity.

Sha1: d5d3f17377651f281f03d02228698dade7f55863

version: 1.0

Package name: com.uzuwjapc.wynav 


easy-button-app.png

App name: Easy Button

Malware typeData sending Trojan, sends user's phone number, account information (name of an account -e.g. gmail, login, password…), device identifier and phone network information to a remote entity.

Sha1: df09d9181f2953ef1d85ada2176852a8af57c0c0

Version: 1.3

Package name: com.typ3studios.easybutton


Virus Killer.png

App nameVirus Killer

Malware typeTrojan, steals device information (IMEI, OS type, network operator) and users’ data (on the device and SD card memory) and sends them to a specific server.

Sha1: 25dee640f87db159e97210e53d9631040a35f03a

Version: 2.2.2

Package name:  com.safesys.viruskiller 


Boost & Clean Pro.png

App name: Boost & Clean Pro

Malware typeRansomware

Sha1: afe2d4ec4ae8250f8d3131338b6158e9a3c6f3a2

Version: 0.5

Package name: com.robocleansoft.boostvscleanapp 


flash-player-app.jpg

App name: Flash Player

Malware type: Banking malware, collects user’s bank info, intercepts OTP.

Sha1: 48e6fd9cd4b65e8f1b84c8a00401340520c63464

Version: 2.0

Package name: com.go.sfad.cas 


gta-san-andreas-app.png

App name: Grand Theft Auto: San Andreas

Malware typeData sending Trojan, sends location, information about installed apps, device identifier, network  / device / hardware information to a remote entity.

Sha1: 6473b9109de1da42f6451525aff57c878c309e10

Version: 1.4

Package name: com.gta.sanandreas 


lara-croft-go-app.jpg

App name: Lara Croft GO

Malware typeSMS trojan, sends SMS messages to premium rate phone numbers.

Sha1: d5846a0d971a5db244f543a25a80520ebe101e57

Version: 2.0.53878

Package name:  com.squareenixmontreal.lcgo 


kingdom-rush-origins-app.png

App name: Kingdom Rush Origins

Malware typeAdware, displays malicious ads, pop-ups and redirections. It also uses the well-known kind of malware version Android/Fobus to steal data.

Sha1: d90dc80bfdeb33efab6bb4e255d8b1a6ecc22c5f

Version: Unknown

Package name: app.net_android_system_file_download_210110217


 

The variety and amount of impostor apps show how much potential there is for hackers to use apps to steal sensitive data and that users are not rigorous enough regarding apps security. The first step to stay away from malicious clones is to never download applications from unofficial app stores. Even though the Play store sometimes lets vulnerable or corrupt applications through its gate, it still performs a first level scan of the applications it hosts, which is not the case of third-party app stores.

For companies, it’s advised to use a Mobile Threat Defense solution that will automatically test any apps installed on employees’ devices and block them if they feature a malicious behavior.

 

Discover Pradeo's Mobile Threat Protection solution.

Integrate PRADEO SECURITY to your EMM/MDM: AirWatch, MobileIron, IBM MaaS360, SOTI

 

Get in touch with mobile security experts

Contact us