By Todd Han and Junzhi Lu (Mobile Threats Analysts)
Google Play and iOS App store are no strangers to fake apps trying to trick users into downloading ad- or malware-ridden versions. We have previously reported on fake Android voice apps on Google Play, which were observed to be impostor apps for voice messenger platforms. Recently, we also uncovered counterfeit applications hiding among legitimate offerings on app stores. These fake apps masquerade as similar apps to trick unwitting users into downloading gambling apps.
We found hundreds of the fake apps on iOS App Store and Google Play, with descriptions that are inconsistent with their content. While the apps’ descriptions varied, they share the same suspicious behavior: They could transform into gambling apps that may get banned for violating local government regulations and app store policies.
Some of the apps ranked in the Top 100 of the App Store and were possibly downloaded numerous times. Some were even rated more than 100,000 times. We’ve notified Apple and Google about our findings. Both have since removed the apps from App Store and Google Play.
Figure 1. Screenshot of the applications, where a seemingly normal app (left) also has an entirely different look (right)Note: iOS apps (top), Android apps (below)
How the apps are distributed: From webpage to app store
The apps can be downloaded either through a gambling site or the aforementioned app stores. For instance, when visiting the website, the page below will be shown.
