Read on Twitter
A thread about counterfeit Android applications.
A counterfeit application impersonates the genuine application by looking exactly the same and offering identical features. That way users cannot spot them. Counterfeit applications usually embeds malware, adware,
1/n
A counterfeit application impersonates the genuine application by looking exactly the same and offering identical features. That way users cannot spot them. Counterfeit applications usually embeds malware, adware,
1/n
spyware, trojan...
Back in 2018, @EFF and @Lookout revealed the Dark Caracal cyber-espionage campaigns targeting military personnel, enterprises, medical professionals, activists, journalists, lawyers.
More details: https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf
2/n
Back in 2018, @EFF and @Lookout revealed the Dark Caracal cyber-espionage campaigns targeting military personnel, enterprises, medical professionals, activists, journalists, lawyers.
More details: https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf
2/n
The primary attack vector was mobile phones by spreading trojanized mobile applications impersonating Orbot (the @torproject proxy for Android), @signalapp secure messaging, @telegram messenger, WhatsApp and few other.
Fake apps or counterfeit/weaponized apps are everywhere
3/n
Fake apps or counterfeit/weaponized apps are everywhere
3/n
on Google Play store, Huawei store, Xiaomi store, TCL store and many other. Fake apps have represent different threat depending on the attacker goals and targets.
Cracked/unlocked premium apps are very common in gaming and music streaming fields. Their goal is
4/n
Cracked/unlocked premium apps are very common in gaming and music streaming fields. Their goal is
4/n
to offer applications you should have to buy for free. They usually embed adwares to generate advertisement revenues. This kind of fake app make companies face, at least, shortfalls. Some of those "cracked apps" embed spyware allowing attacker to take over the user accounts.
5/n
5/n
Fake @Deezer, @Spotify, @Ubisoft apps are widely spread. More generally, attackers take advantages of apps popularity to earn money and/or steal information (accounts, banking...).
Nation state operations like the Dark Caracal one use fake apps to track targeted people
6/n
Nation state operations like the Dark Caracal one use fake apps to track targeted people
6/n
or to infiltrate secure/encrypted chat groups. My guess is that police used fake #encrochat app to monitor E2EE messages sent by criminals.
More details: https://www.vice.com/en_uk/article/3aza95/how-police-secretly-took-over-a-global-phone-network-for-organised-crime
7/n
More details: https://www.vice.com/en_uk/article/3aza95/how-police-secretly-took-over-a-global-phone-network-for-organised-crime
7/n
Companies editing apps face different threats:
- user/customer data violation/breach
- hijack ad revenues
- API abuse
Companies using apps for VPN connection, internal operations face much serious threats:
- breach of confidential information
8/n
- user/customer data violation/breach
- hijack ad revenues
- API abuse
Companies using apps for VPN connection, internal operations face much serious threats:
- breach of confidential information
8/n
- internal IT infrastructure intrusion
- data breach
- ransom
End users face a large variety of threats:
- data breach
- account take over
- identify theft
- ransom
- manipulation
- embezzlement
- surveillance
9/n
- data breach
- ransom
End users face a large variety of threats:
- data breach
- account take over
- identify theft
- ransom
- manipulation
- embezzlement
- surveillance
9/n
Fake apps are really easy to craft since lots of automatic patchers and malware kits are available online. Weaponizing an application is a child's play.
Last month we ( @defensive_lab) start working with @SilenceIM, @fedilab_app, @element_hq and @ExodusPrivacy
10/n
Last month we ( @defensive_lab) start working with @SilenceIM, @fedilab_app, @element_hq and @ExodusPrivacy
10/n
to show how so many apps are counterfeited. As an example, ScatterScam has found 49 fake Silence app versions around half of them are weaponized.
More details: https://scatterscam.defensive-lab.agency/report/orgsmssecuresmssecure/
11/n
More details: https://scatterscam.defensive-lab.agency/report/orgsmssecuresmssecure/
11/n
By actively monitoring fake apps we have discovered at least 2 large scale scam campaigns using 500+ different applications. Those campaigns use updated versions of pretty old malwares and few C2 domains have been revived since April. Investigations are still in progress.
12/12
12/12
