Quick Heal Security Lab has spotted 28 Fake Apps with over 48,000+ (all together) installations on Google Play Store. Google play has removed a total of 28 fake apps from the Play Store after reports by Quick Heal Security Lab. The apps do not have any legitimate functionality related to App name. All apps are made by the same developer ‘Sarvesh Developer’.
Fig. 1: Fake apps on Google Play Store
The description of “Credit Card Process” application on play store is, “provide credit card process” but in the actual application there is no information related to the credit card process. Same is the case with “Home Loan Advisor” application, where the description on play store is, “Gives advice for home loan” but in the actual application there isn’t any information related to home loan advice. Developer develop these apps only for earning money by showing advertisements.
Fig. 2: Google Play Screenshot
Screenshot of application available on Google play store as shown in Fig. 2 don’t match with application screens shown in Fig. 3.
Fig. 3: Applications screens
All apps have same functionality- it gives some task to earn money. To complete each task we need to watch some ads, click on ads and download some apps. After clicking and downloading apps we get points. These fake apps claim that after 10 points, money can be transfered to Paytm, but according to user comments on Play store, transaction shows completed status in fake app but money does not get transferred to Paytm wallet.
To complete task, user needs to watch 22 advertisement, click on one advertisement and install one application.
Fig. 4: Task Dashboard
When user clicks on arrow shown in Fig. 4, it shows full screen advertisement.
Fig. 5: Ads shown by Fake Apps
After Ads are closed by user, it shows timer of 5 sec as shown in Fig.6 and goes back to task dashboard.
Fig. 6: Shows count
In notification windows it shows message to user, “Because of some issues payment was not done, today everyone will get the payment”. The message is in Hindi language so we can assume that developer could be Indian.
Fig. 7: Notification windows
User Comments on Google play Store
Quick Heal Detection
Quick Heal successfully detect these malware under variants of Android.Fakeapp.A
Here is the list of fake application names with MD5:
How to stay safe from fake mobile apps
- Check an app’s description before you download it.
- Check the app developer’s name and their website. If the name sounds strange or odd, you have reasons to suspect it.
- Go through the reviews and ratings of the app.
- Avoid downloading apps from third-party app stores.
- Use a reliable mobile antivirus that can prevent fake and malicious apps from getting installed on your phone.