When the holidays roll around, everyone shops on their phones and communicates plans with their family and friends. But during this time, hackers can try to lure unwary visitors into downloading and opening malicious applications. 

One such fraud, app repackaging, is the release of counterfeit copies of legitimate apps. They are distributed through third-party app stores or via phishing. These counterfeit apps are often embedded with malware and can compromise both the user's data and the device itself.

App repackaging is a malicious practice in which attackers copy a real application, inject their own code, and distribute the result as if it were the original. These fake apps often masquerade as popular applications such as messaging services or security suites to look legitimate. The aim is to trick users into installing them, granting the permissions the malicious functionality needs, and letting the malware onto the device.

The malware bundled into these copycat apps can be used for anything from espionage to taking control of the device. Once installed, victims can lose or have stolen their photos, messages, and even voice recordings. Such attacks rely on the trust users place in familiar apps, and they are an important reminder to be careful about what is installed.

Be aware of Gamaredon’s malware campaigns

Recent research has revealed the app repackaging tactics of the Russian-backed hacker group Gamaredon. Gamaredon is known for ruthless cyberespionage attacks, and the group is now targeting Android users with malware such as BoneSpy and PlainGnome.

These malware strains imitate legitimate apps, such as Telegram and Samsung Knox. After installation, they request permission to access sensitive data on the device, such as text messages, call logs, pictures, and even the camera. BoneSpy, active since 2021, monitors data and listens in on calls; PlainGnome goes further by operating stealthily, recording audio only when the device is idle (not being used) in order to evade detection.

The motives behind app repackaging vary, but in many cases they are money or sabotage. Criminal hackers can use the malware to harvest personal and financial data and then sell it on the dark web or commit identity theft. For state-sponsored groups such as Gamaredon, the purpose tends to be surveillance and intelligence gathering.

Gamaredon campaigns, for instance, have targeted Russian speakers in former Soviet countries, using bogus apps to collect data. Once these attackers compromise a phone, they have access to a mass of private information, from voice recordings to browser histories, which they can turn into political or strategic advantage.

Repackaged app malware can have devastating consequences for users. Google has named the following red flags that can mean an Android phone is infected:

  • Incessant pop-ups or new tabs that appear without the user’s consent
  • Unrelated modifications to the browser’s homepage or search engine
  • Noticeable degradation in device performance or available memory
  • Antivirus software becoming nonfunctional
  • Emails or texts appearing to be sent from the user’s account without their knowledge

A single small mistake by a user, such as installing an app from a third-party store, can compromise the device and expose its data. With state-sponsored groups such as Gamaredon, there is even more at stake: they are organized to steal information from, or disrupt the activities of, not just private individuals but also government and commercial entities. As their recent activity in the former Soviet Union shows, these attackers keep evolving, so both users and organizations need to stay vigilant about the apps they install.

General precautions against repackaging attacks

App repackaging is a sophisticated and expanding threat, but individuals can remain at least a few steps ahead of the curve:

  • Only download apps from official stores such as Google Play or the Apple App Store, avoiding third-party services that often host rogue applications.
  • Be cautious of apps that request unnecessary permissions for their purpose. For example, a calculator app does not require access to the camera or messages.
  • Regularly update operating systems and apps to ensure they are always protected with the latest security patches.
  • Avoid clicking on links in emails, messages, or on social media, as these are common vectors for spreading malware.

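The permission check above (a calculator has no business reading messages or using the camera) can be automated. The following script is an added example, not code from the original article: it parses the <uses-permission> entries of a constructed AndroidManifest.xml for a hypothetical "calculator" app and flags the permissions that grant exactly the data the article says BoneSpy and PlainGnome ask for.

```python
"""Audit <uses-permission> entries in an Android manifest (added example,
not from the article). Flags permissions that grant the data the article
says BoneSpy/PlainGnome ask for: texts, call logs, audio, camera."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permission -> what it lets an app do; a calculator has no need for any of these.
SENSITIVE = {
    "android.permission.READ_SMS": "read text messages",
    "android.permission.RECEIVE_SMS": "intercept incoming texts",
    "android.permission.READ_CALL_LOG": "read call history",
    "android.permission.RECORD_AUDIO": "record the microphone",
    "android.permission.CAMERA": "use the camera",
    "android.permission.READ_CONTACTS": "read the address book",
}

# Constructed sample: a hypothetical "calculator" app requesting far too much.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.calculator">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>
"""


def requested_permissions(manifest_xml: str) -> list[str]:
    """Return the android:name of every <uses-permission> element, in order."""
    root = ET.fromstring(manifest_xml)
    return [el.get(f"{{{ANDROID_NS}}}name", "") for el in root.iter("uses-permission")]


def flag_sensitive(manifest_xml: str, allowed: frozenset[str] = frozenset()) -> dict[str, str]:
    """Map each sensitive permission not in `allowed` (the set the app's stated
    purpose justifies) to a plain-language description of the risk."""
    return {p: SENSITIVE[p] for p in requested_permissions(manifest_xml)
            if p in SENSITIVE and p not in allowed}


if __name__ == "__main__":
    for perm, risk in flag_sensitive(SAMPLE_MANIFEST).items():
        print(f"unexpected permission {perm}: lets the app {risk}")
```

Run against a real APK by extracting its decoded manifest first; the `allowed` set is where you record the permissions a given app's purpose genuinely justifies.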
By understanding how these scams work and taking steps to protect themselves, individuals can help keep their devices safe from malware attacks. With the holidays in full swing, the key is to exercise caution with new app downloads and avoid using unofficial sources. After all, the last thing anyone wants during the holidays is to open a box of cyber problems.