SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

Surge in counterfeit app risk as cybercrime exploits rising digital consumption

Tue, 28th Nov 2023

A flood of counterfeit applications on app stores has been identified, putting users at significant risk. Data from the first three quarters of 2023 shows a 32% increase in fake applications purporting to offer popular services. Banking, cryptocurrency, and gaming applications have been the most frequent targets, enabling cybercriminals to install malicious code on user devices.

With a marked rise in digital content consumption, the mobile application market has become a new goldmine for cybercriminals. They primarily aim to steal users' credentials or payment data and to spread harmful software across devices, prompting warnings and advice for users preparing to download apps.

Dan Chernov, the CEO of DerScanner, highlighted, "Users should examine several critical parameters when installing the app to protect themselves." Those include verifying the developer's name, checking the number of downloads (the more, the better), scrutinising the credibility of reviews, and evaluating the application's update history. He noted an alarming average, saying that a counterfeit app could remain in the app store for 64 days before being detected and removed.

The proliferation of counterfeit apps is largely attributed to the accessibility of tools like ChatGPT, an AI-driven service that simplifies app development processes. Chernov observes, "Revolutionizing the tech world, ChatGPT makes mobile app development accessible to all, even to complete beginners via its intuitive coding and real-time error debugging." As a result, even would-be hackers with minimal training can craft believable replicas of existing apps to distribute malware.

A counterfeit app aims to replicate the appearance and functionality of the original closely enough to tempt users into downloading it. The names of counterfeit apps often differ by a mere one or two letters from the legitimate versions, making it essential for users to check spellings closely. A recently published app with a suspiciously high download count is also a red flag.
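The name, developer and download-count checks described above can be automated by a brand or store-monitoring team. The sketch below is an added example, not DerScanner's method or code from the article; the app names, developers, listing fields and thresholds are constructed assumptions.

```python
from datetime import date

def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def normalize(name):
    """Lower-case and drop spaces/punctuation so 'Acme-Wallet' == 'acme wallet'."""
    return "".join(ch for ch in name.casefold() if ch.isalnum())

# Constructed allow-list: genuine app name -> verified developer name.
KNOWN_APPS = {"Northwind Bank Mobile": "Northwind Bank Ltd",
              "Acme Wallet": "Acme Crypto Inc"}
MAX_NAME_DISTANCE = 2     # assumption: "one or two letters" from the article
NEW_LISTING_DAYS = 30     # assumption: what counts as "recently published"
HIGH_DOWNLOADS = 100_000  # assumption: "suspiciously high" for a new listing

def review_listing(listing, today):
    """Return the red flags raised by one store listing (empty list = none)."""
    flags = []
    name = normalize(listing["name"])
    for real_name, real_dev in KNOWN_APPS.items():
        d = edit_distance(name, normalize(real_name))
        same_dev = listing["developer"].casefold() == real_dev.casefold()
        # A near-identical (or identical) name from a different developer.
        if d <= MAX_NAME_DISTANCE and not same_dev:
            flags.append(f"lookalike-name:{real_name}:distance={d}")
    age_days = (today - listing["published"]).days
    if age_days <= NEW_LISTING_DAYS and listing["downloads"] >= HIGH_DOWNLOADS:
        flags.append("new-listing-high-downloads")
    return flags

TODAY = date(2023, 11, 28)
SAMPLE = [  # constructed listings, not real store data
    {"name": "Northwind Bank Mobile", "developer": "Northwind Bank Ltd",
     "published": date(2019, 3, 1), "downloads": 2_000_000},
    {"name": "Northwind Bnak Mobile", "developer": "NW Apps Studio",
     "published": date(2023, 11, 10), "downloads": 250_000},
    {"name": "Acme Wallett", "developer": "Free Tools Dev",
     "published": date(2022, 6, 1), "downloads": 500},
]

if __name__ == "__main__":
    for item in SAMPLE:
        print(item["name"], "->", review_listing(item, TODAY) or "no flags")
```

Edit distance only catches spelling variants; the review-tone and update-history checks mentioned in the article need separate signals.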

Reading user reviews carefully can be highly informative as the tone can disclose potential problems. On the other hand, numerous overwhelmingly positive reviews can also be a sign of manipulation as culprits are aware of how ratings and reviews impact user decisions.

Chernov explains the urgency of cybersecurity, saying, "By using a login and password into a counterfeit app, users inadvertently allow access to their personal information. Thus, practicing cyber hygiene like two-step verification provides an extra layer of protection." He underscores the significance of keeping applications updated and ensuring installations are done via official stores. Utilising antivirus software enables real-time detection and elimination of potential virus threats.

To confirm an application's authenticity, it is recommended that users visit the app developer's official website and download the app directly from a legitimate store link. For enhanced security, tools such as DerScanner can be used to examine an app's safety by simply pasting the application URL from the app stores. It does not require any source code for a scan and provides a security rating and a comprehensive vulnerability report.
