Google Play Store Continues to Battle Evil Twin App Threat
Despite Google’s ongoing efforts, a recent report has shed light on a concerning issue within the Play Store. HUMAN Security has identified over 250 “evil twin” applications on the Android store, serving as decoys for malicious non-Play Store duplicates.
The threat, named Konfety, exploits the CaramelAds mobile advertising SDK and has been responsible for significant ad fraud. These evil twin apps, disguised as harmless duplicates, generate fraudulent revenue by spoofing app IDs and advertising publisher IDs.
While ad fraud poses its own set of challenges, the Konfety campaign has also been linked to directing users to websites hosting malware-laced apps, raising the stakes for unsuspecting users.
Google Protect has been updated to detect these evil twin apps, providing users with a layer of defense against such threats. HUMAN Security has compiled a list of known evil twins for users to cross-reference and remove from their devices.
The Satori Threat Intelligence Team at HUMAN Security discovered that many of these decoy apps are template-based and owned by the same threat actor group behind Konfety. The combination of low install numbers and high ad traffic tipped off researchers to the fraudulent activity.
As users navigate the Play Store and beyond, it is crucial to exercise caution when downloading apps. Stick to official app stores, scrutinize developers and reviews, limit app permissions, avoid third-party downloads, and enable Google Play Protect to safeguard your device.
