Highlights

  • Fake apps are programs designed to imitate well-known, legitimate apps.

  • Scammers try to hide the malicious software behind fake apps published on third-party or official app stores.

  • The Binance app should only be downloaded from official channels such as our website, Google Play or Apple Store.

Fake apps, programs that imitate the legitimate apps we know, are currently one of the biggest cybersecurity threats.

From the logo to their description, fake apps look real. At first glance, they seem to have the same interface, the same services and functionalities. Some even clone the source code of the official application (repackaging).

But if you pay attention, you will notice that there is malicious software tracking your activity on the phone, or trying to steal your information and assets. Scammers spread fake apps through various methods, for example, publishing them on third-party or fake app stores, official app stores, and employing social engineering by sending emails or SMS messages.

First, let's delve into the two methods scammers use to camouflage fake apps: imitation and repackaging.

Example 1: Imitation

Imitation, as its name suggests, aims to deceive users by copying the names, logos and similar features of the official source. Below is an example of a copycat app trying to impersonate the official BNB Chain app.

Disclaimer: The image shows a scam application that is not associated in any way, shape, or form with Binance.

Example 2: Repackaging

The second method, repackaging, is a little more difficult to identify with the naked eye. These applications modify and repackage the source code, so they use the same metadata as the original version, such as the name and icon. The following example is a repackaged app posing as the official Binance app. You will notice that the logo is exactly the same.

Disclaimer: The image shows a scam application that is not associated in any way, shape, or form with Binance.

Different types of fake applications and their risks

  1. Advertising bots. Fake apps sometimes contain an annoying amount of unwanted ads, which may even start appearing on your phone's calendar or other places.

  2. Billing fraud. Scammers can use fake apps to make automatic purchases and charge them to your phone bill without your consent.

  3. Botnet. Cybercriminals can use your phone as part of a distributed denial of service (DDoS) attack to mine cryptocurrency or spam other potential victims.

  4. Inappropriate content. Fake apps may include inappropriate content, such as hate speech, pornography, or violence, among others.

  5. Harmful downloads. While they may not contain malicious code, fake apps can cause victims to download other malicious and unwanted software onto their devices.

  6. Phishing. Criminals can steal your login information using an interface that mimics the login menu of a legitimate application.

  7. Increase of privileges. These fake apps request increased privileges, allowing criminals to disable core security features on your device.

  8. Rasomware. These types of fake applications are designed to infect your device with ransomware, thus blocking your data, encrypting it and making it unreadable.

  9. Rooting. Rooting apps may contain code that disables your device's built-in security and damages it.

  10. Spam. As the name suggests, spam apps send unwanted messages to your contacts or will involve your device in a massive spam email campaign.

  11. Spyware. Spyware applications send your personal data to third parties without your consent. This data can be text messages, call logs, contact lists, email logs, photos, browser history, GPS location, cryptocurrency addresses, and recovery phrases from other apps on your device.

  12. Trojan. Once installed, Trojans may seem harmless, but in the background they perform malicious actions, for example collecting personal data or sending high-quality SMS messages from your device without you realizing it.

Fake cryptocurrency applications often replace the addresses displayed on the deposit and withdrawal page of the interface. When the user makes a transfer, their assets are transferred to the scammer's account. This is one of the most common ways cryptocurrency users lose their assets to fake apps.

As a general guideline, we suggest depositing or withdrawing a small amount on a trial basis before making larger value transactions.

How to identify and protect yourself from fake applications

Pay attention to the following red flags before downloading

  1. Distorted icon. Fake apps try to imitate the official app store release as closely as possible. Don't be fooled by fake versions of the original icon.

  2. Unnecessary permit agreements. Please read the developer's privacy policy before downloading the app. Once installed, they usually ask for unnecessary authorizations.

  3. Dubious opinions. Be suspicious of any app with too many negative or positive reviews.

  4. Grammatical errors. Legitimate developers spend time avoiding typos or any errors in their app descriptions. If you find an excessive amount of grammatical errors in the app description, turn on the alerts.

  5. Few downloads. Widely used legitimate apps are unlikely to have very few downloads. For example, the Binance app has over 50 million downloads on the Google Play store alone.

  6. Fake information from the developer. Find information about the app's developer. Do you provide a legitimate company name, email address, or website? If this is the case, search the Internet to see if the information provided is related to the official organization.

  7. New release date. When was the app launched? If the listing shows a recent release date with many downloads and reviews, the app may be fake. Legitimate apps with lots of reviews and downloads are usually on the market for a few years.

Follow these guidelines before downloading any app. Read the description, reviews, privacy policy of the developer and most importantly, do not click on suspicious links. From time to time, even official app stores may contain fake posts.

If you receive an unexpected SMS, notification, or strange request from someone claiming to be a “Binance employee,” proceed with caution.

If you download a scam app or click on a suspicious link, your phone, assets or personal information could be compromised before you even know it.

If you think you have downloaded a fake app, delete it immediately, restart your phone, and file a report with the appropriate app store. While it's not 100% secure, turning on two-factor authentication (2FA) can make a difference in protecting your funds, even if you're a victim of phishing of your login credentials.

Download the Binance app from our official channels

  1. Binance official website

  2. Google Play

  3. Apple Store

You alone are responsible for conducting due diligence and following general security measures to verify the legitimacy of any application that resembles the Binance application before downloading and installing it. Binance is not responsible for any losses that may be incurred due to the use of fake or illegitimate applications.

Further reading

  • Don't get caught by scammers: Anti-Phishing codes and how to protect yourself

  • Protect your Binance account in 7 simple steps

  • How to protect your Binance account from scams

Legal Notice and Risk Warning: This content is presented “as is” for general information and educational purposes only, without representation or warranty of any kind. It should not be construed as financial advice, nor is it intended to recommend the purchase of any specific product or service. Digital asset prices are volatile. The value of an investment may go down as well as up, and it may be the case that the user does not recover the amount invested. Only you are responsible for your investment decisions. Binance is not responsible for any losses you may incur. This should not be construed as financial advice. For more information, please see our Terms of Use and Risk Warning.