Top Reasons Cyber-criminals Publish Mobile Apps on Alternative App Stores
Here are some of the top reasons cyber-criminals publish mobile apps on alternative app stores:
- To create fakes, clones or pirated copies of apps and then masquerading as the original app to divert advertising revenue to fraudulent entities, or to generate in-app purchase revenue at the expense of the original app.
- To embed malware or trojans inside a well-known app for the purpose of tricking users into downloading malware onto the mobile device.
- To create game mods to be used in mobile game cheating.
- To create malicious apps that pose as helpful “utility” apps, such as battery-life extenders, QR code generators, calculators, or productivity apps. Once users are tricked into downloading these apps, the malicious apps often run in the background and monitor user activity or broadcast messages, or to learn what other apps the user has installed and also learn when they are using those other apps. The malicious app can then be used to phone home to a C&C botnet network to receive malware updates or to trigger screen overlay attacks at very precise times because the imposter app has been monitoring the user or device activity and knows what the user is doing.
- To commit mobile click fraud or mobile ad fraud – For instance, sometimes these malicious apps monitor broadcast events about app installs and then generate a barrage of fake clicks at the very last minute in order to take credit for the app install.
- To trigger screen overlays: Another way these imposter apps are used is in triggering screen overlay attacks that cover all or a portion of the mobile user’s real screen to trick them to interact with hidden malicious content. The imposter app triggers the screen overlay that matches the timing, size, and screen placement because it has been monitoring the user’s activity.