deceptive apps Archives

AppWizard

July 24, 2025

Over 250 malicious apps found targeting Android users in worrying attack – here’s how to stay safe

Researchers from Zimperium zLabs have discovered an extortion scheme involving over 250 fraudulent dating applications targeting Android users. These apps request extensive permissions to steal sensitive personal files, threatening victims with the release of their private information unless they comply with extortion demands. Many of the associated domains have been indexed by search engines, making it difficult for users to identify the apps as fraudulent. None of the identified apps were available on the official Google Play Store or Apple App Store. Users are advised to be cautious when downloading apps from unfamiliar sources, review permissions regularly, and consider installing mobile security solutions.

AppWizard

May 2, 2025

Google Play Store just lost a ton of apps, but this is actually a good thing

The Google Play Store has seen a decline in available apps from 3.4 million to approximately 1.8 million since the beginning of 2024, representing a loss of nearly 47%. The "games" category lost 200,000 apps, the education sector lost around 160,700 apps, and the business category saw a reduction of 115,400 apps. This removal is part of Google's effort to combat ad fraud, particularly from "vapor apps" that misled users and generated recurring advertisements. Over 56 million downloads were affected across 180 apps. Google has implemented new policies for tracking and removing spammy applications, including expanded verification requirements, mandatory app testing, and enhanced human reviews.

AppWizard

April 25, 2025

12 Android apps secretly recorded your conversations

Recent findings from cybersecurity experts at ESET revealed that several Android applications, disguised as harmless tools, have been secretly recording conversations and stealing sensitive data. These malicious apps infiltrated devices through the Google Play Store and third-party platforms, compromising the privacy of thousands of users. One tactic used by cybercriminals involved romantic deception, where victims were coaxed into downloading a seemingly harmless messaging app containing the VajraSpy Trojan, which activated upon installation to record conversations and harvest personal data. The identified malicious apps fall into three categories: 1. Standard Messaging Apps with Hidden Trojans: These apps, including Hello Chat, MeetMe, and Chit Chat, request access to personal data and operate silently in the background, stealing contacts, SMS messages, call logs, device location, and installed app lists. 2. Apps Exploiting Accessibility Features: Apps like Wave Chat exploit Android’s accessibility features to intercept communications from secure platforms, record phone calls, keystrokes, and ambient sounds. 3. Single Non-Messaging App: Nidus, a news app, requests a phone number for sign-in and collects contacts and files, increasing the risk of data theft. The 12 malicious Android apps identified include: Rafaqat, Privee Talk, MeetMe, Let’s Chat, Quick Chat, Chit Chat, YohooTalk, TikTalk, Hello Chat, Nidus, GlowChat, and Wave Chat. The first six apps were available on the Google Play Store and had over 1,400 downloads before removal. Users are advised to uninstall these apps immediately to protect their personal data.

AppWizard

March 28, 2025

PJobRAT Android Malware Masquerades as Dating and Messaging Apps to Target Military Personnel

PJobRAT is an Android Remote Access Trojan that re-emerged in 2023, targeting users in Taiwan. Initially known for targeting Indian military personnel, it now disguises itself as benign apps like ‘SangaalLite’ and ‘CChat’, distributed via defunct WordPress sites operational from January 2023 to October 2024, with domain registrations dating back to April 2022. The malware is spread through counterfeit applications resembling legitimate messaging services, prompting users to grant extensive permissions. Enhanced capabilities allow it to execute shell commands, access data from any app, root devices, and communicate with command-and-control servers via Firebase Cloud Messaging and HTTP. The campaign appears to have concluded, highlighting the evolving tactics of threat actors. Users are advised against installing apps from untrusted sources and to use mobile threat detection software.

AppWizard

March 28, 2025

PJobRAT makes a comeback, takes another crack at chat apps

In 2021, PJobRAT, an Android Remote Access Trojan (RAT), targeted Indian military personnel through deceptive apps. A new campaign was discovered in 2023, focusing on users in Taiwan, with malicious apps like ‘SangaalLite’ and CChat disguised as instant messaging applications. These apps were available for download from WordPress sites, which have since been taken down. The campaign began in January 2023, with domains registered as early as April 2022, and the latest sample detected in October 2024. The number of infections was low, indicating a targeted approach rather than a broad attack. The distribution methods remain unclear, but may involve SEO poisoning, malvertising, or phishing. Once installed, the apps request extensive permissions and feature basic chat functionality. Recent versions of PJobRAT have shifted from stealing WhatsApp messages to executing shell commands, allowing greater control over compromised devices. PJobRAT communicates with its command-and-control (C2) servers using Firebase Cloud Messaging (FCM) and HTTP, enabling the upload of various data types, including SMS, contacts, and files. The now inactive C2 server was located in Germany.

AppWizard

March 25, 2025

Malicious Android Apps Hide in Plain Sight, Target Millions of Devices

A malicious Android app campaign called “Vapor” has been discovered, designed to trick users into revealing sensitive information through misleading ads. This campaign includes various apps posing as utilities, such as QR code scanners and health trackers, with over 60 million downloads collectively. It primarily targets users in Brazil, the United States, and Mexico. Some apps have evaded detection by not showing harmful behavior immediately after installation and by disguising themselves. They use tactics like inundating users with full-screen ads and employing scare tactics to prompt downloads of additional harmful apps. The campaign may be run by a single cybercriminal group or a coalition, utilizing shared malware development tools. Despite Google removing many harmful apps, new variants continue to emerge, highlighting the evolving nature of mobile malware.

AppWizard

March 21, 2025

Get Rid of These 12 Android Apps That Secretly Record Your Conversations

Security researchers have identified malicious Android applications that invade user privacy by recording audio, intercepting messages, and stealing sensitive data without user consent. A cybersecurity firm, ESET, uncovered a cyber espionage operation that infiltrated Android devices through the Google Play Store and alternative app sources, initially involving six apps on the Play Store with over 1,400 downloads each before their removal. These deceptive apps, which masquerade as messaging services, embed malware capable of tracking user locations and harvesting personal information. Hackers employ tactics like “romance baiting” to trick users into downloading infected apps, such as those containing VajraSpy malware. Experts categorize these malicious apps into three groups: fake messaging apps that steal data, apps exploiting Android’s accessibility features, and a fake news app that harvests user data. A list of twelve flagged apps includes Rafaqat, Privee Talk, MeetMe, Let’s Chat, Quick Chat, Chit Chat, YohooTalk, TikTalk, Hello Chat, Nidus, GlowChat, and Wave Chat, which should be removed immediately. To protect against spyware apps, users are advised to uninstall suspicious apps, change passwords, enable two-factor authentication, run security scans, and stay informed about cybersecurity updates. Caution is recommended when downloading apps, including verifying developers, checking reviews, and avoiding third-party app stores.

AppWizard

March 19, 2025

These malicious Android apps were installed over 60 million times – here’s how to stay safe

Cybersecurity experts from Bitdefender discovered an ad fraud scheme involving over 300 Android applications that collectively had more than 60 million downloads from the Google Play Store. These apps, which appeared as utility tools like QR scanners and health apps, mainly targeted users with older Android versions (Android 13 and earlier) and first appeared in the third quarter of 2024. As of the research's completion, only 15 of the identified apps were still active, with most affected users located in Brazil, and others in the United States, Mexico, Turkey, and South Korea. The deceptive apps concealed their icons, displayed intrusive ads without user consent, and attempted to harvest sensitive information. Many of these harmful apps have been removed from the Play Store, but users with them installed remain vulnerable. Signs of compromise include lagging, excessive ads, overheating, or unexpected data usage. Users are advised to uninstall suspicious apps and to use the latest version of Android, currently Android 15.

AppWizard

March 9, 2025

Google Confirms Play Store App Deletion—Check Your Phone Now

A report has revealed an extensive ad fraud scheme called "Vapor," which has infiltrated the Google Play Store with over 180 malicious applications that garnered more than 56 million downloads before being removed by Google. These apps, which mimic legitimate applications, primarily target categories like flashlight utilities, QR code readers, and horoscope generators. They initially appear functional but later remove legitimate features in updates, replacing them with intrusive advertisements that hijack the device's interface. Some vapor apps achieved over one million downloads, aided by app install schemes that inflated their rankings. Google has committed to removing violating apps and provides Google Play Protect to safeguard users. Users are advised to be cautious and avoid installing low-value applications to mitigate risks.

AppWizard

October 23, 2024

Delete These 12 Android Apps That Record Your Conversations – Jason Deegan

Security researchers at ESET have identified twelve malicious Android apps capable of recording audio in the background and other intrusive actions. Six of these apps were distributed through the Google Play Store, while the other six were disseminated through less direct means. One tactic used by hackers involves posing as romantic interests on messaging platforms to persuade targets to download infected apps containing the VajraSpy Trojan. The malicious apps fall into three categories: 1. Infected messaging apps that steal personal information and run a Trojan in the background. 2. Apps that exploit accessibility features to intercept communications on WhatsApp and Signal, with one app, Wave Chat, capable of recording phone calls and ambient sounds. 3. A disguised news app that requests personal information and can intercept contacts and files. The identified malicious apps to uninstall include Rafaqat, Privee Talk, MeetMe, Let’s Chat, Quick Chat, Chit Chat, YohooTalk, TikTalk, Hello Chat, Nidus, GlowChat, and Wave Chat. The first six were downloaded over 1,400 times from the Google Play Store before being removed.