Time and again, individuals face a pressing issue where their bank accounts are compromised after downloading malicious Android applications, commonly referred to as APK (Android Package) files. iPhone users on the other hand are in safer hands as the iPhone app environment is very controlled and have very few malicious apps.
Common Malicious App Impersonations Forms:
These malicious apps frequently disguise themselves as innocuous categories, making it crucial for users to exercise caution when downloading them:
- Maid Cleaning Services
- Moon Cake Ordering
- Covid19 news and tracking (StayAtHome)
- Chat programs
- Fake Chat Programs (eg fake Whatsapp, Telegram)
- Durian Ordering
- Seafood Ordering
- Flower Ordering
- Delivery status checker
- Dubious dating apps
- Donation app
- Discount and cashback apps
- Online grocery shopping
- YouTube video downloader
- Porn viewer/Porn streaming
- Non official ChatGPT app
- Enforcement summonses app (eg police app, central bank)
- Government assistance app
- Refund money app (eg cake ordering, airlines booking)
- Character recognition app (CherryBlos)
- Mobile Cryptocurrency mining (FakeTrade)
- Cryptocurrency and forex trading
- Parking payment apps
- Loan shark app (underground p2p loan apps)
- Games (Hexapop, TilerMaster)
- Wedding invitation app
- Dubious Comic/Anime readers
- Illegal video streaming apps
- Foreign language keyboards
- Pre loved kitchen appliance
- Durian orchard tour
- Voucher app
- Novelty trading apps (eg Pokemon card app)
- Bar code QR scanner app
- Fast food delivery (fried chicken, hamburgers) -Maxi
- Buyback of old electronics and appliance app
- Buyback of old coins app
- Travel booking/Haj booking
- Seasonal food/items (CNY Bakkua, Cookies)
Deceptive Tactics:
Many victims fall prey to these malicious apps because they convincingly pose as legitimate applications. Unbeknownst to users, these apps often contain dangerous features, such as password and keystroke logging capabilities, enabling the theft of sensitive credit card and banking information.
Remote Access Tools (RATs):
To exacerbate matters, some of these malicious apps conceal Remote Access Tools (RATs) eg AndroRAT, granting cybercriminals the ability to discreetly monitor a user's phone screen and even take control of the device without the victim's awareness. There have been actual cases of customers in the local banks getting infected with RATs and it's very hard to proof deniability as the malicious banking transactions will appear to be like done by the customer. Banks, on the other hand, are beefing up security by bootstrapping AI antimalware modules into their banking apps to prevent screenshots, video recording, remote control, root kit and installation of malicious apps on the customer's mobile phone.