Fake versions of legitimate applications are being circulated online to steal personal information from unaware users. Mimicked, cloned, or masked versions of known applications launch malware and phishing attacks once users download and install them in their system. As per research, some of the most mimicked apps are Skype (28%), Adobe Reader (18.2%), VLC Player (17.6%), 7zip (11.5%) and CCleaner (5.6%), among others. This process of phishing using downloaded apps helps hackers and phishers circumvent security solutions that may be put in place to avoid minor hacking attempts.
Most used apps
Extensively used apps like Zoom, WhatsApp, and Microsoft Edge are easy targets in such scams. Phishers are also improvising ways to convince users to click on their links. Based on 1,816 samples tested by VirusTotal, Google Chrome, Brave, Mozilla Firefox and Proton VPN were also found to be injected with malware. Such attacks are done by hacking and using the source code, certificates or server of a genuine app and hiding malware using this information.
Domains used by cyber criminals
The test also showed that over 5% of the ‘antivirus applications’ had 78 malicious files out of 80,000 individual files. Alexa tested 1,000 domains and found that 10% had suspicious samples. Some of the abused domains include, however, are not limited to hxxps://cdn[.]discordapp[.]com, hxxp://aaaenterprises[.]co, hxxps://bit[.]ly, hxxps://updatebrowser[.]org, hxxps://anonymousfiles[.]io and hxxp://192.210.173[.]40.
How to prevent phishing by cloned apps
Avoid downloading applications from random websites or webstores. It can be a fake website that can extract all personal information with a single click to impersonate, steal money and create multiple fake accounts using the hacked data. Even though some legitimate applications are cloned, try to use the respective app store provided by the device.
Avoid downloading media from inauthentic app providers
Most sites that offer media for downloading or watching movies are loaded with popups ads, external links, offers and windows that pop with messages asking users to download an antivirus app. Some popups create a sense of urgency by stating that their device is at risk. Some use attractive women to draw attention. Do not click on such claims and popups; close those tabs or pages immediately. Rerunning the antivirus scanner may also help in deleting files that may have been downloaded. Not using media from such sites is also advisable.
Address and report cyberattacks
Report suspicious activities on a downloaded app to the app developers by using their official contact like their email, contact number, chat feature, or mailing address. Critical concerns can be taken to cybersecurity officers nearest to the users or online. Providing them with the app details can help them investigate the attack and offer redressal accordingly. Since companies and individual users are both vulnerable to phishing attempts using innovative and disguised methods, it is necessary to be equipped with the knowledge to be prepared to fight them.
