deceptive apps Archives

AppWizard

November 26, 2025

Android users warned to delete these fake apps after Google alarm

Android users are facing a threat from counterfeit VPN applications that disguise themselves as privacy-enhancing tools but contain malware capable of compromising personal information and security. These fake VPNs mimic reputable brands and use misleading advertisements to appear legitimate. Once installed, they can steal passwords, messages, and financial data, and may even lock devices with ransomware. Google advises users to download VPNs only from trusted sources, look for verification badges, review app permissions, be cautious of free offers, research developers, and avoid scare tactics in marketing. Legitimate VPNs should not request access to personal contacts or photos and should only require network-related permissions.

AppWizard

November 14, 2025

Google warns Android users: Don’t install these apps on your phone!

Google has warned Android users to be cautious when downloading applications from the Google Play Store, particularly those pretending to be VPN services, as they may contain malware. This warning is prompted by new age verification laws in the UK and Italy, which have led minors to seek VPN apps to bypass adult content restrictions, creating an opportunity for cybercriminals to offer fake VPN services. These fraudulent apps can deploy various types of malware, including info-stealers and banking trojans, compromising personal data and financial credentials. Google highlighted that threat actors use sophisticated advertising strategies to distribute these malicious applications, often impersonating trusted brands or using social engineering tactics. To protect against these threats, users are advised to download VPN services only from reputable sources, avoid apps promoted through ads, and pay attention to app permissions. Google Play Protect and a special VPN badge can help identify legitimate apps.

AppWizard

August 30, 2025

Check your Android apps

Google has removed 77 malicious applications from the Play Store that had a total of 19 million installations. These apps, which appeared to be harmless tools or photo editing software, contained spyware, malware, and trojans capable of stealing personal information and draining bank accounts. Users are advised to review and uninstall suspicious apps and consider installing security software.

AppWizard

August 26, 2025

Dangerous Android banking trojan found lurking in malicious apps with 19 million installs — don’t fall for this

Zscaler’s ThreatLabs team discovered 77 malicious applications on the Google Play Store that accumulated 19 million downloads. These apps, disguised as utilities like PDF readers and flashlight tools, used fake reviews and misleading ads to attract users. Upon installation, they would download a malicious payload, including the Anatsa banking trojan, which overlays fake login screens to steal user credentials. Additionally, the Joker malware was found in 25% of these apps, capable of taking screenshots, accessing device information, and signing users up for premium services without consent. Users are advised to limit app installations, scrutinize reviews, activate Google Play Protect, and consider antivirus applications for enhanced security against malware.

AppWizard

July 30, 2025

Google Urges Android Users to Quickly Delete These Apps from Their Phones!

A recent alert has been issued for Android smartphone users about malicious applications found on the Google Play Store that pose significant risks to user security and personal data. Cybersecurity firm Cyble has identified over twenty deceptive apps, many mimicking well-known wallet and cryptocurrency applications, which redirect users to phishing sites that collect sensitive information, including banking and cryptocurrency credentials. Users are advised to uninstall specific harmful apps such as Pancake Swap, Suiet Wallet, Hyperliquid, Raydium, BullX Crypto, OpenOcean Exchange, Meteora Exchange, SushiSwap, and Harvest Finance Blog. Google recommends using the “Play Protect” feature to scan downloaded apps for safety.

AppWizard

July 24, 2025

Over 250 malicious apps found targeting Android users in worrying attack – here’s how to stay safe

Researchers from Zimperium zLabs have discovered an extortion scheme involving over 250 fraudulent dating applications targeting Android users. These apps request extensive permissions to steal sensitive personal files, threatening victims with the release of their private information unless they comply with extortion demands. Many of the associated domains have been indexed by search engines, making it difficult for users to identify the apps as fraudulent. None of the identified apps were available on the official Google Play Store or Apple App Store. Users are advised to be cautious when downloading apps from unfamiliar sources, review permissions regularly, and consider installing mobile security solutions.

AppWizard

May 2, 2025

Google Play Store just lost a ton of apps, but this is actually a good thing

The Google Play Store has seen a decline in available apps from 3.4 million to approximately 1.8 million since the beginning of 2024, representing a loss of nearly 47%. The "games" category lost 200,000 apps, the education sector lost around 160,700 apps, and the business category saw a reduction of 115,400 apps. This removal is part of Google's effort to combat ad fraud, particularly from "vapor apps" that misled users and generated recurring advertisements. Over 56 million downloads were affected across 180 apps. Google has implemented new policies for tracking and removing spammy applications, including expanded verification requirements, mandatory app testing, and enhanced human reviews.

AppWizard

April 25, 2025

12 Android apps secretly recorded your conversations

Recent findings from cybersecurity experts at ESET revealed that several Android applications, disguised as harmless tools, have been secretly recording conversations and stealing sensitive data. These malicious apps infiltrated devices through the Google Play Store and third-party platforms, compromising the privacy of thousands of users. One tactic used by cybercriminals involved romantic deception, where victims were coaxed into downloading a seemingly harmless messaging app containing the VajraSpy Trojan, which activated upon installation to record conversations and harvest personal data. The identified malicious apps fall into three categories: 1. Standard Messaging Apps with Hidden Trojans: These apps, including Hello Chat, MeetMe, and Chit Chat, request access to personal data and operate silently in the background, stealing contacts, SMS messages, call logs, device location, and installed app lists. 2. Apps Exploiting Accessibility Features: Apps like Wave Chat exploit Android’s accessibility features to intercept communications from secure platforms, record phone calls, keystrokes, and ambient sounds. 3. Single Non-Messaging App: Nidus, a news app, requests a phone number for sign-in and collects contacts and files, increasing the risk of data theft. The 12 malicious Android apps identified include: Rafaqat, Privee Talk, MeetMe, Let’s Chat, Quick Chat, Chit Chat, YohooTalk, TikTalk, Hello Chat, Nidus, GlowChat, and Wave Chat. The first six apps were available on the Google Play Store and had over 1,400 downloads before removal. Users are advised to uninstall these apps immediately to protect their personal data.

AppWizard

March 28, 2025

PJobRAT Android Malware Masquerades as Dating and Messaging Apps to Target Military Personnel

PJobRAT is an Android Remote Access Trojan that re-emerged in 2023, targeting users in Taiwan. Initially known for targeting Indian military personnel, it now disguises itself as benign apps like ‘SangaalLite’ and ‘CChat’, distributed via defunct WordPress sites operational from January 2023 to October 2024, with domain registrations dating back to April 2022. The malware is spread through counterfeit applications resembling legitimate messaging services, prompting users to grant extensive permissions. Enhanced capabilities allow it to execute shell commands, access data from any app, root devices, and communicate with command-and-control servers via Firebase Cloud Messaging and HTTP. The campaign appears to have concluded, highlighting the evolving tactics of threat actors. Users are advised against installing apps from untrusted sources and to use mobile threat detection software.

AppWizard

March 28, 2025

PJobRAT makes a comeback, takes another crack at chat apps

In 2021, PJobRAT, an Android Remote Access Trojan (RAT), targeted Indian military personnel through deceptive apps. A new campaign was discovered in 2023, focusing on users in Taiwan, with malicious apps like ‘SangaalLite’ and CChat disguised as instant messaging applications. These apps were available for download from WordPress sites, which have since been taken down. The campaign began in January 2023, with domains registered as early as April 2022, and the latest sample detected in October 2024. The number of infections was low, indicating a targeted approach rather than a broad attack. The distribution methods remain unclear, but may involve SEO poisoning, malvertising, or phishing. Once installed, the apps request extensive permissions and feature basic chat functionality. Recent versions of PJobRAT have shifted from stealing WhatsApp messages to executing shell commands, allowing greater control over compromised devices. PJobRAT communicates with its command-and-control (C2) servers using Firebase Cloud Messaging (FCM) and HTTP, enabling the upload of various data types, including SMS, contacts, and files. The now inactive C2 server was located in Germany.