Crypto Security Intelligence: How to Spot and Avoid Fake Apps

2023-02-21

Main Takeaways

  • Fake applications are programs designed to mimic legitimate applications that are familiar to us.

  • Scammers will attempt to hide malicious software behind a fake app listing on third-party or official app stores.

  • Users should only download the Binance app from official channels, such as our website, the Google Play Store, or the Apple App Store.

Fake applications — programs designed to mimic legitimate applications familiar to us — are among today’s biggest cybersecurity threats.

Fake apps look just like the real thing, from the logo to the description. On the surface, they might have the same interface, services, and functionalities. Some even have repackaged source code from the official application.

But if you take a closer look, you may find malicious software spying on your phone activity or attempting to steal your information and assets. Scammers will disseminate fake applications through various methods, including third-party or counterfeit app stores, official app stores, and social engineering via emails or SMS messages.

Let’s first dive into two methods scammers use to disguise fake apps: imitation and repackaging.

Example 1: Imitation

Imitation, as the name implies, attempts to trick users by mimicking the official source with similar names, logos, and features. Below is an example of an imitation app trying to pass itself off as an official BNB Chain app.

Disclaimer: The contents of this image depict a fraudulent application that is not associated in any way or form with Binance.

Example 2: Repackaging

The second method, repackaging, is significantly more challenging to identify at first sight. Repackaged apps use the same metadata as the official version, including the name and icon, by modifying and repackaging the source code. The example below is a repackaged app posing as the official Binance app. You’ll notice it features the exact same logo.

Disclaimer: The contents of this image depict a fraudulent application that is not associated in any way or form with Binance.

Different Types of Fake Apps and Their Dangers

  • Ad bots. Fake apps will sometimes contain an obnoxious amount of unwanted ads that may even start appearing on your phone calendar or other places.

  • Billing fraud. Scammers can use fake apps to automatically charge purchases to your phone bill without your consent.

  • Botnet. Cybercriminals can use your phone as part of a botnet to carry out DDoS (distributed denial of service) attacks, mine cryptocurrency, or send spam to other potential targets.

  • Hostile content. Fake apps can include inappropriate content, such as hate speech, pornography, or violence, to name a few.

  • Hostile downloaders. While they might not contain malicious code, fake apps can lead victims to download other malicious and unwanted software onto their devices.

  • Phishing. Criminals can steal your login information using an interface designed to mimic the login menu of a legitimate application.

  • Privilege escalation. This type of fake app will ask for elevated privileges, allowing criminals to disable your device’s core security functions.

  • Ransomware. Designed to infect your device with ransomware, this type of fake app will lock you out of your data, encrypting and rendering it unreadable.

  • Rooting. Rooting apps may contain code that disables your device’s built-in security and carries out harmful actions against your device.

  • Spam. As the name implies, spam apps will send unsolicited messages to your contacts or involve your device in a mass email spam campaign.

  • Spyware. Spyware apps send personal data to third parties without your consent. The data may include text messages, call logs, contact lists, email records, photos, browser history, GPS location, crypto addresses, and recovery phrases from other apps on your device.

  • Trojan. Once installed, trojans may seem harmless on the outside, but in the background, they’re secretly performing malicious actions, such as harvesting personal data or sending premium SMS messages from your device without your knowledge.

Fake apps in the crypto space will often replace the addresses displayed on their interface’s deposit and withdrawal pages. When the user initiates a transfer, their assets end up going to the scammer’s account. This is one of the most common ways crypto users lose their assets to fake apps.

As a general guideline, we suggest depositing or withdrawing a small amount as a test before initiating higher-value transactions.

How to Spot and Avoid Fake Apps

Look for these red flags before pressing download

  • Distorted icon. Fake apps will try to imitate the official app store listing as much as possible. Don’t be deceived by distorted versions of the actual icon.

  • Unnecessary permission agreement. Read the developer’s privacy policy before you download the app. Once installed, fake apps will often ask for unnecessary authorizations.

  • Questionable reviews. Be suspicious of any app with an excess of either negative or positive reviews.

  • Grammar mistakes. Legitimate developers will put time into removing typos and errors in their app descriptions. Be wary if you spot an unreasonable number of grammatical errors in the app description.

  • Low number of downloads. It’s improbable for widely-used legitimate apps to have very few downloads. For example, the Binance app has over 50 million downloads on the Google Play Store alone.

  • Fake developer information. Check the app’s developer information. Does it provide a legitimate company, email address, or website? If so, perform an online search to see if the information provided is related to the official organization.

  • New release date. When was the app released? The app is likely fake if the listing shows a recent release date with many downloads and reviews. Legitimate apps with a high number of reviews and downloads have typically been on the market for at least a few years.
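
The red flags above that can be read from listing metadata, combined into one triage check. This is an added example, not Binance's code; the `Listing` fields, the thresholds, the permission list and the three sample listings are assumptions constructed for illustration, and the icon check is left out because it needs the image itself.

```python
from dataclasses import dataclass
from datetime import date
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumed reference values and thresholds, chosen for illustration only.
OFFICIAL_NAME = "Binance"
OFFICIAL_DOMAIN = "binance.com"
UNNEEDED = {"READ_SMS", "READ_CALL_LOG", "BIND_ACCESSIBILITY_SERVICE"}

@dataclass
class Listing:  # hypothetical shape of store-listing metadata
    name: str
    developer_site: str
    downloads: int
    reviews: int
    released: date
    description_typos: int
    permissions: set

def red_flags(app: Listing, today: date) -> list:
    flags = []
    name = app.name.lower()
    looks_like_brand = (OFFICIAL_NAME.lower() in name or
        SequenceMatcher(None, name, OFFICIAL_NAME.lower()).ratio() >= 0.6)
    host = (urlsplit(app.developer_site).hostname or "").lower()
    # Suffix match on a label boundary, so binance.com.login.example fails.
    official = host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)
    if looks_like_brand and not official:
        flags.append("fake developer information")
    if app.downloads < 100_000:
        flags.append("low number of downloads")
    young = (today - app.released).days < 180
    if young and (app.downloads >= 1_000_000 or app.reviews >= 10_000):
        flags.append("new release date")
    if app.description_typos >= 3:
        flags.append("grammar mistakes")
    if app.permissions & UNNEEDED:
        flags.append("unnecessary permissions")
    return flags

# Constructed sample listings (not real store data).
TODAY = date(2023, 2, 21)
GENUINE = Listing("Binance", "https://www.binance.com", 50_000_000, 900_000,
                  date(2018, 1, 1), 0, {"INTERNET", "CAMERA"})
REPACKAGED = Listing("Binance", "https://binance-app.example", 2_000_000, 40_000,
                     date(2023, 1, 10), 1, {"INTERNET", "READ_SMS"})
IMITATION = Listing("Binannce Pro", "https://example.org", 800, 12,
                    date(2023, 2, 1), 5, {"INTERNET"})

if __name__ == "__main__":
    for app in (GENUINE, REPACKAGED, IMITATION):
        print(app.name, red_flags(app, TODAY))
```

The repackaged sample carries the genuine name, so only the developer domain, the release date and the requested permissions give it away.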

Security Tips

In order to stay safe in the digital world, it is crucial that you adopt a proactive approach toward application security. We suggest following the guidelines outlined below.

1. App download. Prior to downloading any application, practice due diligence. Examine the details of the application, such as its description and reviews. It’s important to read through the privacy policy of the developer. Do not engage with suspicious links. Remember, even official app stores can have fake listings from time to time.

2. Mistrust unknown interactions. Be wary if you receive an unexpected SMS, a strange notification, or unusual requests from individuals claiming to be “Binance employees.”

3. Delete suspicious applications. If you download a fraudulent application or click a suspicious link, your phone, assets, or personal information may get compromised before you even notice. If you suspect you have fallen victim to a fake application, immediately delete it, restart your phone, and report the incident to the relevant app store.

4. Enable two-factor authentication (2FA). Although no security measure provides absolute protection, the activation of two-factor authentication can significantly bolster your defenses. 2FA can help protect your funds and account, even in the event of a successful phishing attempt on your login credentials.

Remember, your security is of the utmost importance to us. If you’re doubtful about any interactions or have reported a fraudulent application, please don’t hesitate to contact our customer support. We’re dedicated to helping you maintain a secure and safe trading experience. Let’s work together to safeguard your investments.

Download the Binance app from our official channels

Please note that you are responsible for conducting your own due diligence and following general security measures regarding the legitimacy of any application that appears to be a Binance app before downloading and installing it. Binance is not responsible for any loss that may be incurred from using fake or illegitimate applications.

Disclaimer: This content is presented to you on an “as is” basis for general information and educational purposes only, without representation or warranty of any kind. It should not be construed as financial advice, nor is it intended to recommend the purchase of any specific product or service. Digital asset prices can be volatile. The value of your investment may go down or up and you may not get back the amount invested. You are solely responsible for your investment decisions and Binance is not liable for any losses you may incur. Not financial advice. For more information, see our Terms of Use and Risk Warning.