
Fake WhatsApp and ChatGPT apps steal banking codes and data

OpenAI ChatGPT – Photo: One Artist / Shutterstock.com

Malicious clones of widely known applications, such as WhatsApp and ChatGPT, are being used by criminals to trick users and steal sensitive information, including banking access codes. The warning was issued by a new report from mobile app security firm Appknox. The investigation detailed how these copies, found in third-party app stores in the United States, function as surveillance and espionage tools. Threats range from apps that simply display deceptive ads to complex spyware structures.

The spread of these fake apps exploits the popularity of artificial intelligence (AI) brands such as DALL·E to induce downloads on unofficial platforms. Ease of access to alternative stores increases the risk, as these do not have the same rigorous security standards as official stores. The study emphasizes the need for increased caution on the part of users when considering installing any application that does not come directly from primary distribution platforms.

Threats focusing on fraudulent advertising and surveillance

One of the applications analyzed, called DALL·E 3 AI Image Generator, was available in the Aptoide store and simulated being an OpenAI image generation tool. Appknox researchers found that, despite the convincing interface, the app did not have any AI functionality. Its sole purpose was to load advertisements disguised as image processing by connecting to advertising networks such as Unity Ads and AppsFlyer.

Appknox lead security researcher Abhinav Vasisth rated the application as a “commercial parasite” that profits by selling ad impressions rather than offering any intelligent service. This behavior aligns with a growing trend in cybercrime to use AI hype to distribute adware and profit through advertising fraud. The app’s construction suggests the use of commercial models by developers already known for reusing code in multiple fake listings.

WhatsApp – Photo: JarTee / Shutterstock.com

The silent danger of WhatsApp Plus

The most worrying discovery made by Appknox is that of an application called WhatsApp Plus, which presents itself as an improved version of the popular messenger. However, the application is actually a complete spyware framework. After installation, the tool requests excessive permissions, such as access to contacts, SMS and device accounts, without clearly notifying the user.

With these expanded permissions, spyware is able to intercept crucial data such as one-time passwords (OTPs) and bank verification codes. The ability to intercept financial information allows criminals to carry out identity fraud and execute fraudulent transactions. In addition to individual risk, applications like WhatsApp Plus also pose a systemic threat to companies. Theft of multi-factor authentication codes can lead to infiltration of corporate accounts, causing major compliance failures in regulated sectors.

Essential recommendations for digital protection

Given the ease with which the enthusiasm for artificial intelligence can be exploited, caution when installing applications becomes essential. Appknox reiterates basic security guidance.

  • Strictly avoid third-party app stores and only download from official platforms, such as Google Play Store and Apple App Store.
  • Always check the developer’s name, user reviews and requested permissions before starting the installation, even in official stores.
  • Companies should automate vulnerability scans and educate employees about the risks associated with downloading applications from unverified sources.
  • It is crucial to establish a rapid response protocol to report and remove fake listings immediately.
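
The permission check recommended above can be automated for APKs collected from unverified sources. The following is an added example, not code from Appknox or from the original article: it reads a decoded AndroidManifest.xml and flags the permission groups the report describes for WhatsApp Plus (contacts, SMS, device accounts). The sample manifest, its package name and the verdict thresholds are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Permission groups the article names for WhatsApp Plus: SMS, contacts, accounts.
RISK_GROUPS = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "accounts": {"android.permission.GET_ACCOUNTS"},
}
# Constructed sample manifest in decoded text form; the package name is made up.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.messenger.plus">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <application android:label="Messenger Plus">
    <receiver android:name=".SmsListener" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def audit_manifest(xml_text):
    """Return requested risk groups, SMS receivers and a verdict for one manifest."""
    root = ET.fromstring(xml_text)
    requested = {
        el.get(ANDROID_NS + "name")
        for tag in ("uses-permission", "uses-permission-sdk-23")
        for el in root.iter(tag)
    }
    groups = sorted(g for g, perms in RISK_GROUPS.items() if perms & requested)
    # A receiver for SMS_RECEIVED is the component that sees incoming OTP messages.
    sms_receivers = [
        rc.get(ANDROID_NS + "name")
        for rc in root.iter("receiver")
        for act in rc.iter("action")
        if act.get(ANDROID_NS + "name") == "android.provider.Telephony.SMS_RECEIVED"
    ]
    # Assumed policy: SMS access plus contacts or accounts is blocked outright.
    verdict = ("block" if "sms" in groups and len(groups) >= 2
               else "review" if groups else "allow")
    return {"package": root.get("package"), "groups": groups,
            "sms_receivers": sms_receivers, "verdict": verdict}


if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```
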

The proliferation of pirated apps, which range from mere ad decoys to dangerous spyware, underscores the importance of continued vigilance in the mobile app ecosystem. The security of personal and financial data depends on adhering to safe download practices and being aware of social engineering tactics exploited by cybercriminals.
