ESET Alert: The Cyber-Risks of Malicious Copycat Apps

Mobile applications make the world go round. Instant communication services are among the most popular apps on iOS and Android alike – Signal has an estimated 40 million users, with the figure rising to 700 million for Telegram, another open-source messaging service. Meanwhile, Meta-owned WhatsApp is the undisputed global leader with an estimated two billion monthly active users.

But their popularity has also attracted the scrutiny of threat actors who are keen to find a way to sneak malware onto your device. It could end up costing you and even your employer dear.

Malicious developers have become pretty skilled at tricking users into downloading their wares. Often, they will produce malicious copycat apps designed to mimic legitimate ones. They can then distribute them via phishing messages in email, by text, on social media or the communications app itself, taking the victim to a scam page and misleading them into installing what they believe to be an official app. Or they could direct users to legitimate-looking fake apps that may occasionally make it through the strict vetting procedures on the Google Play marketplace or Apple’s iOS platform.

At any rate, if you download and install a malicious app on your phone, it could expose you or your employer to a range of threats, including:

- theft of sensitive personal data, which could be sold on the dark web to identity fraudsters
- theft of banking/financial information, which could be used to drain funds
- performance issues because malicious apps may change the device’s settings and features and slow it down
- adware that floods the device with unwanted advertising, making it difficult to use
- spyware designed to eavesdrop on your conversations, messages and other information
- ransomware designed to completely lock down the device until a fee is paid
- premium-rate services, which the malware may covertly use, racking up huge bills
- theft of logins for sensitive accounts, which could be sold to scammers
- corporate cyberattacks designed to steal your work logins or data with a view to accessing sensitive corporate data or deploying ransomware

Guest post by ESET Ireland. Read the full report at ESET Ireland’s official blog, including precautions for staying safe.