Blog

Quick Heal Security Labs
Beware of these fake apps on Google Play Store that use ‘Jio/Jeo’ in their names
July 24, 2017

beware_of_fake_jio_jeo_apps_google_play_store

Jio took the Indian telecom market by storm when it made its entry with free unlimited calls and data offers. People went into a kind of frenzy for acquiring this service. And with its ‘truly unbelievable’ offers, Jio also launched an array of apps on Google Play Store such as Jio4GVoice, JioChat, JioMusic, etc. And unsurprisingly, these apps also became popular with many. And this is where cybercriminals came into action. Recently, Quick Heal Security Labs found 3 fake apps in the Play Store that go by the names ‘Jio Speed Booster’, ‘JEO Validity Extender& Checker’, and ‘JWO Validity Extender& Checker’ and these have already been downloaded over 5,00,000 times. Let’s take a look at each of these apps in detail.

 

1. Jio Speed Booster

Fig 1

Fig 1

About the app
The app claims that it helps you configure your device to get the best possible network from Jio. The app’s graphical user interface looks like what’s shown in the below figures.

 

Fig 1 (a)

Fig 1 (a)

 

Fig 1 (b)

Fig 1 (b)

 

Fig 1 (c)

Fig 1 (c)

Our Analysis

  1. The app asked us to accept its ‘Terms and Conditions’, but we could not find them anywhere.
  2. The app pretended to ‘search for bands’ by displaying a fake progress bar and displayed a message as shown in fig 1 (c). In the background, however, the app started loading advertisements.

Verdict
The Jio Speed Booster App does nothing to boost your Jio network but consumes a large amount of data to display unwanted advertisements.

Status
The app has been removed from Google Play Store after Quick Heal Security Labs reported it.

 

2. JEO Validity Extender&Checker

Fig 2

Fig 2

About the app
The app claims to help Jio users to check their plan’s validity and extend it. The below figures show how the app looks like.

Fig 2 (a)

Fig 2 (a)

 

Fig 2 (a)

Fig 2 (b)

 

Fig 2 (c)

Fig 2 (c)

Our Analysis

  1. After selecting ‘JEO VALIDITY CHECK’ it asked for a Jio SIM number. When we entered one, we found that the app did not really verify when the number is registered with Jio or if it belongs to a different service provider. It only validated whether it is a 10 digit number.
  2. In the next step, the app asked for details including Jio mobile number, name, email ID, city, and state.
  3. The provided details were sent to a third party website exposing them to an untrusted source.

Verdict
The JEO Validity Extender&Checker app does not do what it says but tricks the user into revealing their personal information.

Status
The app has been removed from Google Play Store after Quick Heal Security Labs reported it.

3. JWO Validity Extender&Checker

Fig 3

Fig 3

About the app
The app works in the same way as JEO Validity Extender&Checker does but only differs in its user interface (fig 3)

Status
The app has been removed from Google Play Store after Quick Heal Security Labs reported it.

 

Third-party fake apps

We found apps similar to the above three on third-party app stores. One of these is the The JIO Upgrade APP that claims to offer a free upgrade to Jio services. Fig 4 represents a web page where it asks the user to download the app and enjoy 25 GB of Internet per day for lifetime.

Fig 4

Fig 4

Our Analysis
Scammers are spreading the link of this web page through WhatsApp so that they can attract a large number of users.

Verdict
Jio hasn’t declared any such offers officially and these offers are clearly fake.

Fig 5. WhatsApp message claiming extra benefits for Jio users

Fig 5. WhatsApp message claiming extra benefits for Jio users

How do attackers benefit from these fake apps

These fake apps were created to either steal user’s personal information (as seen in the case of the JEO Validity Extender&Checker) or serve the user with a large amount of ads (Jio Speed Booster). Both these activities generate revenue for the attacker.

As verified by VirusTotal, Quick Heal Mobile Security Apps were the first to detect all these fake apps under the Android.FakeJeo family and report them to Google, post which these apps were removed from the Play Store.

VirusTotal Results:

#Tip: How to read these results?
The left column shows the name of the antivirus software and the right column shows the detection. If the detection column has a green tick mark, this means that the antivirus has not detected the app as unsafe or fake. During the time when this post was written, no other antivirus detected these fake apps except Quick Heal.

JIO Speed Booster
https://www.virustotal.com/en/file/3f0de67198c23cc959dc209bc0bbe27ca771edd09bb6d1a59a3b6be0702b51c2/analysis/1500889476/

JEO Validity Extender&Checker
https://www.virustotal.com/en/file/76406562de2f9a3ad632692fe1f13802c50ea43615f78f81665cd957bce2a81e/analysis/1500889476/

JWO Validity Extender&Checker
https://www.virustotal.com/en/file/6f17efd2e5f01b1dc61ecf38f91af848fabb1594633c8b3b638c1a2e27c91616/analysis/1500889476/

For a technical analysis on these apps, please download the PDF report given below:

PDF icon

Also read: How to Identify Fake Apps in the Google Play Store

Important Update
Apparently, the Jio Speed Booster app has been added again to the Play Store and this time it’s been named ‘Jio Speed Booster for 4G Prank’ (fig 6). Despite the name change, the link to this app remains the same.

Fig 6

Fig 6

 

 

Acknowledgment

Subject Matter Expert
– Omkar Gurav, Rohit Bhange | Quick Heal Security Labs

 

This post was last updated on 25.07.2017

SHARE THIS STORY

Have something to add to this story? Share it in the comments.

Quick Heal Security Labs
About Quick Heal Security Labs
Quick Heal Security Labs is a leading source of threat research, threat intelligence, and cybersecurity. It analyzes data fetched from millions of Quick Heal...
Articles by Quick Heal Security Labs »

3 Comments

Your email address will not be published.

CAPTCHA Image

  1. krishan yadavAugust 12, 2017 at 7:08 AM

    GOOD

    Reply
  2. sirajo mohammedAugust 16, 2017 at 1:18 PM

    the QuickHeal Anty virus is the largest removal of malware protection in my point of view. tanx for that

    Reply
  3. Sanjoy SardarAugust 21, 2017 at 4:24 AM

    GOOD WORK

    Reply