The main point
Fake apps are programs designed to imitate legitimate apps we know.
Fraudsters will try to hide malicious software behind fake apps listed on third-party app stores or official app stores.
Users should only download the Binance app from official channels, such as our website, Google Play Store, or Apple App Store.
Fake apps — programs designed to imitate legitimate, familiar apps — are one of the biggest cybersecurity threats today.
Fake apps look just like the real ones, from the logo to the description. At first glance, they may have the same interface, services and functions. Some have even repackaged the source code of the official app.
However, if you pay close attention, you may find malicious software spying on your phone activity or trying to steal your information and assets. Fraudsters will spread fake apps through a variety of methods, including fake or third-party app stores, official app stores, and social engineering via email or SMS messages.
Let's discuss two methods fraudsters use to disguise fake apps: impersonation and repackaging.
Example 1: Imitation
Imitation, as the name suggests, tries to trick users by imitating names, logos, and features similar to official sources. Below is an example of an imitation application that imitates the official BNB Chain application.
Disclaimer: The content of this image displays a fraudulent application that is not associated with Binance in any way.
Example 2: Repackaging
The second method, namely repackaging, is much more difficult to recognize at a glance. Repackaged apps use the same metadata as the official version, including name and icon, by modifying and repackaging the source code. Below is an example of an application repackaged disguised as an official Binance application. You will see the exact same logo.
Disclaimer: The content of this image displays a fraudulent application that is not associated with Binance in any way.
Different Types of Fake Apps and Their Dangers
Advertising bots. Fake apps sometimes contain a number of intrusive and unwanted ads that may even start appearing on your phone's calendar or elsewhere.
Billing fraud. Fraudsters can use fake apps to automatically charge purchases to your phone bill without your consent.
Botnets. Cybercriminals can use your phone as part of a DDoS (distributed denial of service) attack to mine cryptocurrency or send spam to other potential targets.
Unfriendly content. Fake apps can contain inappropriate content, such as hate speech, pornography, or violence, to name a few.
Malicious downloader. While they may not contain malicious code, fake apps can cause their victims to download malicious and unwanted software to their devices.
Phishing. Criminals can steal your login information using interfaces designed to mimic native app login menus.
Privileged access escalation. These types of fake apps will request elevated privileges, allowing criminals to disable your device's core security functions.
Ransomware. Designed to infect your device with ransomware, these types of fake apps will lock your data, encrypt it and make it unreadable.
Rooting. Rooting apps may contain code that disables your device's built-in security and then performs harmful actions on your device.
Spam. As the name suggests, spam apps will send unsolicited messages to your contacts or involve your device in the spread of mass email spam.
Spyware. Spyware applications send personal data to third parties without your consent. Such data may include text messages, call logs, contact lists, email records, photos, browser history, GPS location, crypto addresses, and recovery phrases from other applications on your device.
Trojans. Once installed, trojans may seem harmless on the outside — but on the inside — these apps secretly perform malicious actions, such as harvesting personal data or sending premium SMS messages from your device without your knowledge.
Fake apps in the crypto world will often change the addresses displayed on the deposit and withdrawal pages of their interfaces. When a user makes a transfer, the user's assets will go to the fraudster's account. This is one of the most common ways that crypto users lose assets to fake apps.
As a general guide, we recommend that you deposit or withdraw small amounts as a test before making higher value transactions.
How to Recognize and Protect Yourself from Fake Apps
Watch for some of these red flags before hitting the download button
Distorted icon. Fake apps will try to imitate the appearance of the official app store as much as possible. Don't be fooled by different versions of what the icon actually looks like.
Approval of unnecessary permissions. Read the developer's privacy policy before you download the app. Once installed, fake apps often ask for unnecessary authorization.
Doubtful reviews. Be wary of any apps that have excessively negative or positive reviews.
Grammatical errors. The official developer will take the time to remove typos and errors in the app description. Be wary if you find an unusual number of grammatical errors in the app description.
Low number of downloads. It's impossible for a widely used and legitimate app to have so few downloads. For example, the Binance app has been downloaded more than 50 million times on the Google Play Store alone.
Fake developer information. Check the app developer information. Does the app provide information about legitimate companies, email addresses, or websites? If so, do an online search to see if the information provided is related to an official organization.
New release date. When was this application released? The app is likely fake if the listing shows a recent release date with lots of downloads and reviews. Legitimate apps with a high number of reviews and downloads have usually been on the market for at least a few years.
Follow this guide before you download any app. Read the developer's description, reviews, privacy policy, and most importantly, don't click on suspicious links. Even official app stores have fake apps listed.
If you receive an unexpected text message, strange notification, or unusual request from someone claiming to be a "Binance employee", please be careful.
If you download a fake app or click on a suspicious link, your phone, assets or personal information could be compromised without you realizing it.
If you think you have downloaded a fake app, immediately delete the app, restart your phone, and file a report with the relevant app store. While not 100% secure, enabling two-factor authentication (2FA) can go a long way in protecting your funds, even if someone manages to spoof your login credentials.
Download the Binance App from our official channel
Binance official website
Google Play
Apple App Store
Please note that you are responsible for conducting your own due diligence and following general security measures regarding the legitimacy of any application that appears to be a Binance application before downloading and installing such application. Binance is not responsible for any losses that may arise from the use of fake or unauthorized applications.
Further Reading
(Blog) Today's Special Topic: Anti-Phishing Codes and How to Protect Yourself
(Academy) Secure Your Binance Account in 7 Simple Steps
(FAQ) How to Protect Your Binance Account From Fraud
Penafian dan Peringatan Risiko: Konten ini disajikan kepada Anda atas dasar “sebagaimana adanya” untuk informasi umum dan tujuan pendidikan saja tanpa pernyataan atau jaminan dalam bentuk apa pun. Konten ini tidak boleh dianggap sebagai nasihat keuangan ataupun dimaksudkan untuk menyarankan pembelian produk atau jasa tertentu. Harga aset digital dapat menjadi volatil. Nilai investasi Anda mungkin turun atau naik. Anda mungkin tidak mendapatkan kembali jumlah yang sudah diinvestasikan. Anda bertanggung jawab sepenuhnya terhadap keputusan investasi Anda. Binance tidak bertanggung jawab terhadap kerugian yang mungkin Anda alami. Bukan nasihat keuangan. Untuk informasi selengkapnya, baca Ketentuan Penggunaan dan Peringatan Risiko kami.
