Analysis and Insights by Raphael Centeno
Fake installers of popular messaging apps are being propagated via fraudulent download sites, as disclosed in a series of tweets by a security researcher from CronUp. We also encountered samples of these files. Both the sites and the apps are in Russian and are designed to bait Russian users.
Fake apps are not the only files used in suspicious activities; legitimate installers hosted on fraudulent websites, rather than on official download sites, are abused as well. Many cybercriminals bundle malicious files with legitimate installers of apps for communication and other uses. Once these files are downloaded, threat actors can possibly spread malware or gain unauthorized access to the users’ devices and systems.
Steering clear of fake apps
The coronavirus pandemic has forced many organizations to transition to a work-from-home setup. These arrangements heavily depend on communication apps to facilitate real-time interaction between remote team members, which is why securing the tools used in this setup is important.
Users should only download apps from their official download sites. If downloading from app stores such as the App Store or Google Play, users should examine whether the apps are legitimate or replicas. Tell-tale signs of counterfeit apps include a low number of downloads, low ratings, and bad feedback. Whether downloading from download sites or app stores, users should scrutinize the apps, because fake apps and fraudulent download sites imitate the name and the design of their genuine counterparts.
Incorporating a multilayered approach to security can also safeguard users against such threats.
Indicators of Compromise
|File Name|SHA-256|Trend Micro Pattern Detection|