Wondering about rogue apps? We explain what they are, what they do, and how to protect your business and your customers from the significant damage they can cause.

What Are Rogue Apps?

Rogue apps are mobile apps designed to impersonate trusted brands, with the goal of gaining unauthorized access to information that can be used to commit fraudulent transactions.

These malicious apps can install malware or ransomware, or trick users into sending their payment details to attackers. Fraudsters sometimes create rogue apps that do nothing but charge the user for the download.

For example, cybercriminals will clone a brand’s free app and simply upload it to the app store as a paid product. In one recent study, 134 such “fleeceware” apps were collectively downloaded from the App Store and Google Play Store, racking up $38.5 million in revenue for fraudsters by charging subscription fees that can cost individuals as much as $3,432 per year.

While app stores and cell phone manufacturers try to prevent the distribution and download of rogue apps, it’s often a cat-and-mouse game that can leave both brands and customers vulnerable.

The crime rings behind these fraudulent branded apps are growing increasingly sophisticated. In one recent case, a slew of different apps were used to steal the user’s login credentials for banking, cryptocurrency, and payment apps, along with email and general purpose apps. The malware used to accomplish this wasn’t added until after the app had been downloaded and in use for some time.

According to Outseer’s own data, the number of rogue mobile apps uploaded to popular app stores jumped nearly 50% during the third quarter of 2021, and rogue apps now account for 39% of all fraud attacks worldwide.

What Do Rogue Apps Do?

Rogue apps are generally used by cybercriminals to pilfer money, either through fraudulent app sales or from stolen information. As more app stores crack down on their upload policies, cybercriminals are employing more dubious tactics.

For instance, a malicious shopping app can detect which banking apps the victim has on their phone. When the victim opens one of those banking apps, an exact copy of the app’s home screen is displayed over the real app. When the victim enters their account information, it is submitted both to the real banking app and to the criminals behind the scenes.

Alternatively, rogue apps can scare unsuspecting users into opening the door for attackers. Some malicious programs can display pop-ups and block out portions of the screen with messages stating the device has been hacked.

These messages often include a download link for a cleanup tool or phone number for support. The “cleanup” tool is typically a piece of malware that is not approved or hosted on the app store. This malware can steal sensitive information to be used for further blackmail or ransom.

Detecting these attacks can be extremely difficult when traditional security measures fail. Victims typically feel frustrated and often blame the impersonated brand, even when the brand was unaware of the attack.

How Do Rogue Apps Work?

Rogue apps can range in complexity depending on who develops them. Common fraudsters often create fake apps that send pop-ups or display ads. These pop-ups usually direct the victim to a malicious site or pay the fraudster for every impression they receive.

Organized crime and even nation-states use highly sophisticated rogue apps to steal information and spy on users. These attacks tend to be less frequent but are devastating once discovered. Entire dark web marketplaces revolve around selling exploits that criminals can use to install rogue apps without setting off any alarms.

In many cases, these apps rely on tricking the user into handing over more permissions than needed. For instance, if you download a weather app it might ask for a list of permissions. Many people simply click yes but fail to realize they just handed over access to all of their contacts and text messages.

These rogue mobile apps are available from both legitimate sources such as the App Store and Play Store, as well as fake sites that mimic the look of these trusted app repositories. Phishing scams and fraudulent social media pages are often used to promote these links. And with the resurgence in popularity of QR codes like the one used in the 2022 Super Bowl, the FBI is warning consumers and businesses that these 2-D codes will be used to point unsuspecting users to these fraudulent apps.

Once installed, some of the more advanced apps go to work to hide traces of themselves. It’s common to see rogue apps remove their icons and disappear from the installed app list. Finding evidence of these apps can be tough and often requires technical experience to dig through the running background services on the device.
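The traits described in this section (more permissions than the app needs, the ability to draw over other apps, a missing icon, installation from outside the store) can be checked mechanically against a device's app inventory. The following Python triage is an added example, not code from Outseer; the inventory format, the per-category baselines and the `com.example.*` packages are assumptions, while the permission names are real Android permissions.

```python
# Added example. Inventory format, baselines and package names are assumptions.
P = "android.permission."
# Assumed baseline of permissions each app category plausibly needs.
EXPECTED = {
    "weather": {P + "INTERNET", P + "ACCESS_COARSE_LOCATION"},
    "shopping": {P + "INTERNET", P + "CAMERA"},
    "banking": {P + "INTERNET", P + "USE_BIOMETRIC"},
}
SENSITIVE = {P + "READ_CONTACTS", P + "READ_SMS", P + "RECEIVE_SMS"}
OVERLAY = P + "SYSTEM_ALERT_WINDOW"  # lets an app draw over other apps
ENUMERATE = {P + "QUERY_ALL_PACKAGES", P + "PACKAGE_USAGE_STATS"}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

# Constructed sample inventory (not real apps).
INVENTORY = [
    {"package": "com.example.weather", "category": "weather",
     "installer": "com.android.vending", "has_launcher_icon": True,
     "permissions": [P + "INTERNET", P + "READ_CONTACTS", P + "READ_SMS"]},
    {"package": "com.example.shopdeals", "category": "shopping",
     "installer": None, "has_launcher_icon": False,
     "permissions": [P + "INTERNET", OVERLAY, P + "QUERY_ALL_PACKAGES"]},
    {"package": "com.example.bank", "category": "banking",
     "installer": "com.android.vending", "has_launcher_icon": True,
     "permissions": [P + "INTERNET", P + "USE_BIOMETRIC"]},
]

def triage(app):
    """Return the list of findings for one inventory record."""
    perms = set(app["permissions"])
    findings = []
    # Sensitive permissions beyond what the app's category needs.
    excess = (perms & SENSITIVE) - EXPECTED.get(app["category"], set())
    if excess:
        names = sorted(p.rsplit(".", 1)[1] for p in excess)
        findings.append("excess-sensitive:" + ",".join(names))
    # Can see which apps are present and draw over them (fake login screen).
    if OVERLAY in perms and perms & ENUMERATE:
        findings.append("overlay-capable")
    if not app["has_launcher_icon"]:
        findings.append("no-launcher-icon")
    if app["installer"] not in TRUSTED_INSTALLERS:
        findings.append("not-from-store")
    return findings

def report(inventory=INVENTORY):
    """Map package name -> findings, omitting apps with none."""
    return {a["package"]: f for a in inventory if (f := triage(a))}

print(report())
```

Each finding is a heuristic for review rather than a verdict: legitimate apps also request overlay or SMS access, so the value is in the combination and in the mismatch with the app's stated purpose.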

Signs You’re Infected with a Rogue App

Both Android and iOS devices can fall victim to rogue apps. While the malware may vary, you’ll often see the same symptoms. You might have a rogue app on your phone if you experience the following:

  • You’re constantly seeing ads or pop-ups across all your apps
  • Your battery drains faster than normal
  • You see apps on your phone you don’t recognize
  • Your app icon disappears after installation

If you’re experiencing one or more of these signs, have your phone looked at by an expert you trust or a technician with your carrier. In some cases, apps can obtain system-level or admin permissions to prevent themselves from being removed. If this is the case, reach out to an IT professional as soon as possible.

Removing Rogue Apps from Your Device

Consider seeking expert advice before attempting to remove any applications. It’s best practice to have the device looked at by a professional to verify if there is a problem and where it resides. While there are numerous mobile security apps, restoring your device to its factory default is the safest move.

Complex rogue apps can sometimes clone and hide in different places inside your device. Simply uninstalling the app might not fully remove the infection. Resetting to the factory default wipes the slate clean and allows you to start from scratch again.

Removing Rogue Apps from the App Store

Businesses that find that their brand is being impersonated can contact the app store directly to remove the app. The Play Store has a form where you can request an app removal or rejection. Both Google and Apple have very specific guidelines for developers in terms of impersonation and misleading users.

This removal process can take time, which unfortunately leaves your customers vulnerable for longer than necessary. With nearly three million apps on Google Play alone, manually patrolling for fraudsters is impractical, if not impossible.

If your brand is vulnerable or under attack, you’re advised to source a comprehensive, 24/7 cyberattack detection and takedown service that continuously monitors the cybercrime landscape to identify rogue mobile apps and other threats. When fraud is detected, an immediate takedown order is sent to the app store to ensure minimal brand damage.

How to Defend Against Rogue Apps

Rogue apps are bad news for both consumers and brands. Thankfully, there are a few tools and techniques you can use to protect yourself.

Businesses can protect their brand from rogue apps by doing the following:

Individuals can protect themselves from rogue apps by doing the following:

  • Review your app’s permissions (Does a game have access to your text messages?)
  • Only install apps from your app marketplace (Play Store/Apple Store)
  • Read the reviews—avoid apps with thousands of five-star reviews but no written comments
  • Avoid apps with one-star reviews with negative comments, especially the word “scam”
  • Bypass the “helpful” reviews and read both positive and poor reviews
  • Never give an app more permissions than it needs

Protect Your Brand From Rogue App Attacks

Outseer FraudAction prevents rogue apps from exploiting your brand by continuously monitoring social media, app stores, and over a million other URLs each day. Outseer detects and shuts down rogue apps and other brand impersonation attempts before they can cause serious financial and reputational harm to your business or its customers.

To learn how you can protect your customers through the power of frictionless fraud prevention, request a free demo today.

Nir Moatty

Vice President, Global Solution Consulting

Nir is an experienced executive with a passion for the software industry and has been engulfed in it for more than 13 years. Throughout his career, he has managed numerous teams, either field related, impacting Product Strategy, or technology related impacting execution. He’s managed and directed engineer teams in the development of biometric authentication, fraud detection, adaptive authentication and more. Currently, he works with partners and customers to provide the best approach and solution that will yield the most effective results.