The COVID-19 pandemic has confined a large part of the population indoors, doing their work and daily chores online. This has had a direct impact on mobile app usage trends, especially among on-demand mobile apps. Mobile applications have become a necessity for varied purposes, including video conferencing, communicating, attending online classes, streaming services, playing games, and ordering food, vegetables, and medicines online.
The Google Play Store and the App Store are loaded with thousands of mobile apps, making it challenging to decide which app to download. App ‘Reviews’ and ‘Ratings’ are one way of figuring out whether an app is worth your time.
But malware is now affecting the reviews and ratings of applications. Malware authors abuse the accessibility service of mobile devices to download apps and create fake accounts in the name of the email-id connected with the application. They then post fake reviews and ratings for the application, or display ads and fool users with a false promise of removing the ads in exchange for a 5 Star rating.
Why are ratings and reviews important for mobile applications?
App reviews and rankings help people choose the most valuable apps and can be the main driver of app downloads. Mobile app reviews matter for improving app store ranking, and also to:
Reviews and ratings are an invaluable source of feedback. Not only are they necessary to drive the purchase process, but without them companies also miss out on sales, profits, and priceless information.
Dealing with fake reviews and ratings
App reviews and ratings play a huge role in the success of any application. On the Google Play Store or App Store, reviews and ratings can make or break an app’s future. This valuable asset has caught the attention of malware authors, who plant fake reviews to get high rankings in the Play Store and more downloads. There are various ways to implement these fake reviews and ratings –
Let us look at one example, which offers advertisement removal in exchange for ratings.
We have seen several applications aggressively displaying advertisements to the user. When a user installs such an application on his device and launches it, it displays advertisements aggressively and fools the user with a false promise of removing them in exchange for a 5 Star rating.
These applications trick users into leaving high ratings, making the apps more likely to be downloaded in future.
How it works…
When the user clicks the icon to launch the application, an ad-displaying component is loaded. It presents itself as a fake system screen requiring the installation of “plugin android”, as shown in Fig 01.
By clicking the install button, the ad-displaying payload gets installed. The user is then asked, by another screen that cannot be dismissed, to activate device administrator rights for the fake “plugin”.
After granting the rights, the user is immediately shown a screen full of ads and is continuously asked to rate the app with five stars “to remove all ads”. Cancelling the message results in even more ads being shown on the user’s device, aiming to provoke the user into rating the app the next time the prompt is displayed, as shown in Fig 02 and 03.
Fig 02 shows a full-screen advertisement of a gaming application.
To clean the infected device, it is not enough to uninstall the application; the user also needs to disable “Device Administrator” rights for the application and uninstall the “plugin android” from the Application Manager, as shown in Fig 04, 05, and 06.
Alternatively, one should have a trusted AV like “Quick Heal Mobile Security for Android”. It will protect your phone from such threats and stop you from installing malicious apps on your phone. Quick Heal detects such applications as Android.Hiddad.GEN13670.
Planting fake reviews is also a new way for malware authors to commit fraud, by taking advantage of the accessibility function of Android to create fake accounts and drop fake reviews.
These Trojan applications are highly obfuscated and use the Google Accessibility Service. Once they get the permissions, the malware can interact with the UI and applications of the user’s mobile device. These applications look like system applications to hide from the user. The application collects information about the user’s device when the user unlocks the device’s screen and sends it to the attacker’s servers. The server returns the commands for the application to execute.
The server can send various kinds of commands, which the application follows:
If the accessibility service has not been granted, or if the malware wants a security option deactivated, it launches toast messages to try to convince the user to perform those actions.
Quick Heal detects such malicious applications as Android.Piom.Aa833.
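Both samples described above (the “plugin android” adware that demands device administrator rights, and the review-fraud Trojan that relies on the accessibility service and hides as a system application) share a capability mix that can be spotted statically in a decoded AndroidManifest.xml. The following triage helper is an added example written for this post, not Quick Heal’s detection logic or code from either sample; it assumes a manifest already decoded to plain XML (for instance by apktool or aapt) with literal label strings, and the two manifests it checks are constructed illustrations, not real malware artefacts.

```python
"""Static manifest triage for the capability mix described in the post:
an accessibility service, a device-administrator receiver, and an attempt
to pass as a system component (no launcher icon, system-style label).
Example code written for this post; the sample manifests below are constructed."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ACCESSIBILITY_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"
DEVICE_ADMIN_PERM = "android.permission.BIND_DEVICE_ADMIN"
LAUNCHER_CATEGORY = "android.intent.category.LAUNCHER"
# Label fragments that imitate system components (assumed heuristic list;
# "plugin" matches the "plugin android" name the post's sample shows the victim).
SYSTEM_LIKE_WORDS = ("system", "plugin", "update")


def _a(el, name):
    """Read an android:-namespaced attribute from a manifest element."""
    return el.get("{%s}%s" % (ANDROID_NS, name))


def triage_manifest(manifest_xml):
    """Return the indicators found in one manifest plus a 0-4 score.

    Three or more indicators together is treated as suspicious: a real
    accessibility tool usually keeps a launcher icon and a plain label.
    """
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")

    accessibility = any(_a(s, "permission") == ACCESSIBILITY_PERM
                        for s in app.iter("service"))
    device_admin = any(_a(r, "permission") == DEVICE_ADMIN_PERM
                       for r in app.iter("receiver"))
    # An app that never registers a LAUNCHER activity has no home-screen icon,
    # which is how the post's Trojan stays out of the user's sight.
    launcher = any(_a(c, "name") == LAUNCHER_CATEGORY
                   for act in app.iter("activity")
                   for c in act.iter("category"))
    label = (_a(app, "label") or "").lower()
    system_like = any(word in label for word in SYSTEM_LIKE_WORDS)

    indicators = {
        "accessibility_service": accessibility,
        "device_admin_receiver": device_admin,
        "hidden_from_launcher": not launcher,
        "system_like_label": system_like,
    }
    score = sum(indicators.values())
    return {"indicators": indicators, "score": score, "suspicious": score >= 3}


# Constructed manifest modelled on the post's description of the payload:
# device-admin receiver, accessibility service, no launcher icon, fake system name.
PAYLOAD_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.plugin">
  <application android:label="plugin android">
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Constructed manifest of an ordinary app: one launcher activity, plain label.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.notes">
  <application android:label="Notes">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for name, xml in (("payload", PAYLOAD_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(name, triage_manifest(xml))
```

The score is deliberately a sum of independent indicators rather than a single rule, so that a legitimate accessibility app (accessibility service, but with a launcher icon and an honest label) scores one, while the combination the post describes scores four and surfaces for manual review.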
How to combat fake review attacks and stay safe?