
Short bio

Android/FakeApp masquerades as a legitimate app, claiming to be an antivirus app, an updater, or some other kind of app. The true intention is often to gain revenue by displaying ads and redirecting users to install other apps, mostly legitimate apps via Google Play. However, Android/FakeApp variants have been seen performing more malicious activities such as sending/receiving SMS messages and downloading/dropping other apps.


Android/FakeApp looks or acts in ways that are suspiciously at odds with what it claims to be. An example is an app that claims to be a malware scanner, but then flags other known legitimate malware scanners as malicious, for removal.

Type and source of infection

On the Android OS, an Android/FakeApp infected APK goes out of its way to masquerade as a legitimate app. It does this in two ways. The first method is pretending to be a legitimate app that already exists by using the same/similar filename, the same icon, the same/similar package name, and a similar look/feel. The second method is pretending to be an app that solves a common problem, such as an antivirus, banking app, updater, Adobe Flash Player, etc.

These apps are mostly distributed through third-party app stores, but on occasion have landed on Google Play.
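
One way to turn the masquerading traits described above into an app-inventory check, as an added example that is not Malwarebytes' detection logic. The app names, package names and signer digests are constructed placeholders, and comparing the signing certificate for a reused package name is an assumption added here (Android APKs are signed by their developer), not something this page describes.

```python
from difflib import SequenceMatcher

# Constructed reference list (assumption): apps the defender trusts, each with
# the signing-certificate digest expected for it. All values are placeholders.
KNOWN_APPS = [
    {"label": "Example Antivirus", "package": "com.example.antivirus", "signer": "DIGEST-A"},
    {"label": "Example Flash Player", "package": "com.example.flashplayer", "signer": "DIGEST-B"},
]

def normalize(label):
    """Compare labels on letters and digits only, ignoring case and spacing."""
    return "".join(ch for ch in label.lower() if ch.isalnum())

def check_app(app, known_apps=KNOWN_APPS, threshold=0.85):
    """Return (finding, genuine_package) pairs for one installed app."""
    findings = []
    for known in known_apps:
        if app["package"] == known["package"]:
            # Same package name: only the signing certificate tells them apart.
            if app["signer"] != known["signer"]:
                findings.append(("signer-mismatch", known["package"]))
            continue
        # Same display name as a trusted app, but shipped under another package.
        if normalize(app["label"]) == normalize(known["label"]):
            findings.append(("label-reuse", known["package"]))
        # Package name that differs from a trusted one by only a few characters.
        ratio = SequenceMatcher(None, app["package"].lower(), known["package"]).ratio()
        if ratio >= threshold:
            findings.append(("similar-package", known["package"]))
    return findings

def audit(inventory):
    """Map each suspicious package in the inventory to its findings."""
    report = {}
    for app in inventory:
        findings = check_app(app)
        if findings:
            report[app["package"]] = findings
    return report

# Constructed inventory, such as an export from a device-management tool.
SAMPLE_INVENTORY = [
    {"label": "Example Antivirus", "package": "com.example.antivirus", "signer": "DIGEST-A"},
    {"label": "Example Flash Player", "package": "net.freeupdate.player", "signer": "DIGEST-Y"},
    {"label": "Antivirus Update", "package": "com.examp1e.antivirus", "signer": "DIGEST-Z"},
    {"label": "Notes", "package": "org.sample.notes", "signer": "DIGEST-N"},
]

if __name__ == "__main__":
    for package, findings in audit(SAMPLE_INVENTORY).items():
        print(package, findings)
```

A finding is a prompt to review the app, not a verdict: the similarity threshold is a tunable assumption and will need adjusting against a real inventory.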


Malwarebytes for Android protects against Android/FakeApp


These apps can be uninstalled using the mobile device's uninstall functionality. The tricky part is identifying the offending behavior and app. That is where Malwarebytes for Android can help, by identifying these apps and removing them.

Associated threats

  • Android/Trojan.FakeApp
  • Android/Trojan.FakeAV
  • Android/Trojan.FakeBank
  • Android/Trojan.FakeFlash
  • Android/Trojan.FakeMBAM
  • Android/Trojan.FakeNeflic
  • Android/Trojan.FakePatch
  • Android/Trojan.FakePlayer
  • Android/Trojan.FakeUpdates
  • Android/Trojan.Banker.FakeToken
  • Android/Trojan.Spy.FakePlay