Android/FakeApp
Short bio
Android/FakeApp masquerades as being a legitimate app that claims to perform various actions such as being an antivirus app, an updater, and other apps. The true intention is often to gain revenue through displaying ads and redirecting users to install other apps — mostly legitimate apps via Google Play. However, Android/FakeApp variants have been seen performing more malicious activities such as sending/receiving SMS messages, and downloading/dropping other apps.
Symptoms
Android/FakeApp looks/acts unusually suspicious to what it claims. An example is an app that claims to be a malware scanner, but then flags other known legitimate malware scanners as being malicious for removal.
Type and source of infection
On the Android OS, an Android/FakeApp infected APK goes out of its way to masquerade as a legitimate app. It does this in two ways. First method is pretending to be a legitimate app that already exists by using the same/similar filename, the same icon as a legitimate app, same/similar package name, and similar look/feel of a legitimate app. The second method is pretending to be an app that solves a common problem such as an antivirus, banking app, updater, Adobe Flash Player, etc
These apps are mostly distributed through third party app stores, but on occasion have landed on Google Play.
Protection
Malwarebytes for Android protects against Android/FakeApp
Remediation
These apps can be uninstalled using the mobile devices uninstall functionality, the tricky part is identifying the offending behavior and app. That is where Malwarebytes for Android can help by identifying these apps and remove.
Associated threats
- Android/Trojan.FakeApp
- Android/Trojan.FakeAV
- Android/Trojan.FakeBank
- Android/Trojan.FakeFlash
- Android/Trojan.FakeMBAM
- Android/Trojan.FakeNeflic
- Android/Trojan.FakePatch
- Android/Trojan.FakePlayer
- Android/Trojan.FakeUpdates
- Android/Trojan.Banker.FakeToken
- Android/Trojan.Spy.FakePlay
