Fake installers of popular messaging apps are being propagated via fraudulent download sites, as disclosed in a series of tweets by a security researcher from CronUp. We also encountered samples of these files. The sites and the apps are in Russian and aim to bait Russian users.
The files have different filenames but have the same hashes. They appeared to be corrupted and could not be launched when the researchers tried to execute them. Further investigation revealed that they exhibit adware-like qualities.
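The observation above, that files with different filenames share the same hashes, can be checked during triage by grouping a folder of downloaded installers by SHA-256 digest. The following Python script is an added example, not code from the researchers or from this article; the file names and bytes written by `build_sample_dir` are constructed sample data.

```python
import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large installers are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def group_by_hash(directory):
    """Map SHA-256 digest -> list of file names in `directory` with that content."""
    groups = defaultdict(list)
    for path in sorted(Path(directory).iterdir()):
        if path.is_file():
            groups[sha256_of(path)].append(path.name)
    return dict(groups)


def renamed_duplicates(directory):
    """Keep only the groups where one binary appears under more than one name."""
    return {h: names for h, names in group_by_hash(directory).items() if len(names) > 1}


def build_sample_dir(root):
    """Constructed sample data: names and bytes are made up for this example."""
    same_payload = b"MZ constructed-sample-payload"
    for name in ("telegram_setup.exe", "viber_setup.exe", "zoom_setup.exe"):
        (Path(root) / name).write_bytes(same_payload)
    (Path(root) / "other_tool.exe").write_bytes(b"MZ a different constructed file")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for digest, names in renamed_duplicates(build_sample_dir(tmp)).items():
            print(digest[:16], "->", ", ".join(names))
```

A single digest shared by installers that claim to be different products is a strong sign that none of them is the genuine vendor build.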
Adware, or advertising-supported software, is any piece of software or application that displays advertisements, which appear as pop-up or pop-under windows. Most users unwittingly install adware by downloading freeware like toolbars, HD wallpapers, or widgets on PCs, or through some mobile apps. Although adware is not outright malicious and is considered grayware, unwanted ads can be disruptive to some users. Adware can also cause slower device and network performance.
Figure 1. Fake download site for Telegram app
Figure 2. Fake download site for Viber app
Figure 3. Fake download site for WhatsApp
Figure 4. Fake download site for Zoom app
Fake apps are not the only ones used in suspicious activities; even legitimate installers (those found on fraudulent websites rather than on official download sites) are not spared. Many cybercriminals bundle malicious files with legitimate installers of apps for communication and other uses. Once these files are downloaded, threat actors can potentially spread malware or gain unauthorized access to the users’ devices and systems.
Steering clear of fake apps
The coronavirus pandemic has forced many organizations to transition to a work-from-home setup. These arrangements heavily depend on communication apps to facilitate real-time interaction between remote team members, which is why securing the tools used in this setup is important.
Users should only download apps from their official download sites. If downloading from app stores such as the App Store or Google Play, users should examine whether the apps are legitimate or replicas. Tell-tale signs of counterfeit apps include a low number of downloads, low ratings, and bad feedback. Whether downloading from download sites or app stores, users should scrutinize the apps, as fake apps and fraudulent download sites imitate the name and the design of their genuine counterparts.