Blog

Anand Singh
Fake Apps – a new emerging trend!
November 14, 2017

Recently we had blogged about a fake WhatsApp app on Google Play. And soon after we started observing more fake apps getting hosted on Google Play. Interestingly, these fake apps were having good ratings and download count which clearly suggest the growing trend of fake apps in the Android world. These fake apps look like their official counterparts but they have some malicious intent. They might steal user data, display unwanted ads, push down the ratings or downloads of popular apps. These fake apps basically piggyback the popularity of genuine apps to fool users. This post discusses two fake apps observed by Quick Heal Security Labs.

Pandora Plus

Package name: net.pandoplus.android

MD5: 7da97bf129b0f241cf59aaa29ce762fb

Size: 3.3 MB

Pandora is a famous app for listening to online songs and is available for Android and iPhone devices. Below is a screenshot of a fake Pandora app that recently emerged on Google Play.

Fig 1: Fake Pandora app, its rating and downloading count

Fig 1: Fake Pandora app, its rating and downloading count

The fake Pandora app is named as ‘Pandora plus’. After installation, it asks the user to register and provides customizable music options which the user wishes to listen. If the user taps on the ‘Next’ button, they get redirected to a webpage where the user has to rate 5 stars to get a pin code which is required to start the music app.

Fig 2: Fake Pandora app redirecting user to a rating page

Fig 2: Fake Pandora app redirecting user to a rating page

But, even if the user gives 5 stars, the whole process is repeated in a loop and the user never receives the pin code.

So, the aim of the fake app’s developer was to get a high rating as well as the download count through this app.

Fig 3: Reviews by app users

Fig 3: Reviews by app users

The fake Pandora app’s rating is 4.8 which is more than that of the original app. It has been removed from Google Play.

 

The fake app ‘Pandora plus’ was reported to Google Play for removal by Quick Heal Security Labs.

Quick Heal detection

  • Android.Fakeapp.AE

 

Avast Internet Security

Package name: com.app.avast.anti.spiapp.geektop

MD5: 3b05b4910bdd8a3cd6f42c460bc6341c

Size: 4.3 MB

We detected another fake app that was present in Google Play bearing the name ‘Avast Internet Security’.

Fig 4: Fake Avast Internet Security app

Fig 4: Fake Avast Internet Security app

This fake app was described as ‘Avast Internet Security latest version for limited users’ on the Google Play. This was to trick users into thinking that this is a new app from Avast and should be downloaded soon. Even this app has been removed from Google Play.

Quick Heal detection

  • Android.Agent.A2322

Safety measures

  1. Never rate an app before using it. Remember, a genuine might request you for a rating but would never force you to do so. Beware of apps that strongly ask you for your rating even before you can access them. These are mostly malicious or fake.
  2. Before downloading any app, check its reviews. It might have acquired fake ratings as we saw in the case of the fake Pandora app.
  3. Install a reliable mobile security on your phone that can block the installation of fake and malicious apps.

 

Have something to add to this story? Share it in the comments.

Anand Singh
About Anand Singh
Anand is an Android Malware Analyst at Quick Heal. His interests include Android security, reading, and...
Articles by Anand Singh »

No Comments, Be The First!

Your email address will not be published.

CAPTCHA Image