A thread about counterfeit Android applications.
⬇️⬇️⬇️
A counterfeit application impersonates the genuine application by looking exactly the same and offering identical features. That way users cannot spot them. Counterfeit applications usually embed malware, adware, spyware, trojans...

1/n

Back in 2018, @EFF and @Lookout revealed the Dark Caracal cyber-espionage campaigns targeting military personnel, enterprises, medical professionals, activists, journalists, lawyers.

More details: https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf

2/n
The primary attack vector was mobile phones, by spreading trojanized mobile applications impersonating Orbot (the @torproject proxy for Android), @signalapp secure messaging, @telegram messenger, WhatsApp and a few others.

Fake apps, or counterfeit/weaponized apps, are everywhere: on the Google Play store, Huawei store, Xiaomi store, TCL store and many others. Fake apps represent different threats depending on the attacker's goals and targets.

3/n

Cracked/unlocked premium apps are very common in the gaming and music streaming fields. Their goal is to offer for free applications you would normally have to buy. They usually embed adware to generate advertisement revenue. This kind of fake app makes companies face, at least, revenue shortfalls. Some of those "cracked apps" embed spyware allowing the attacker to take over the user's accounts.

4/n

5/n
Fake @Deezer, @Spotify, @Ubisoft apps are widely spread. More generally, attackers take advantage of an app's popularity to earn money and/or steal information (accounts, banking...).

Nation-state operations like the Dark Caracal one use fake apps to track targeted people.

6/n
Companies publishing apps face different threats:
- user/customer data violation/breach
- hijacked ad revenue
- API abuse

Companies using apps for VPN access or internal operations face much more serious threats:
- breach of confidential information
- internal IT infrastructure intrusion
- data breach
- ransom

8/n

End users face a large variety of threats:
- data breach
- account takeover
- identity theft
- ransom
- manipulation
- embezzlement
- surveillance

9/n
Fake apps are really easy to craft since lots of automatic patchers and malware kits are available online. Weaponizing an application is child's play.

Last month we (@defensive_lab) started working with @SilenceIM, @fedilab_app, @element_hq and @ExodusPrivacy to show how many apps are counterfeited. As an example, ScatterScam has found 49 fake Silence app versions, around half of them weaponized.

10/n

More details: https://scatterscam.defensive-lab.agency/report/orgsmssecuresmssecure/

11/n
By actively monitoring fake apps we have discovered at least 2 large-scale scam campaigns using 500+ different applications. Those campaigns use updated versions of pretty old malware, and a few C2 domains have been revived since April. Investigations are still in progress.

12/12
You can follow @U039b.