Fake Reviews Help Users to Spot Bogus Apps and Junk Products

Posted on by Dawna M. Roberts in News June 10, 2021
https://content.infopay.net/storage/thumbnails/GZ2Mr7pASVTQ95hoifxIi03UoASygJbdeAs4UhVz.jpg

 The world runs on reviews nowadays. Before anyone buys a product, they read reviews, consult social media, and look for other online sources of information. The problem is that these reviews that we have come to depend on so highly are often fake.

Why Fake Ads are So Common

When a not-so-reputable company wants to sell products on Amazon or an app on the Google Play or App Store, it can be hard to market if they don’t yet have an audience. The solution: they create fake ads claiming positive results and inflating user ratings. The problem is that if legitimate users read these reviews, they might base their purchase on this bogus information.

KrebsonSecurity reported that one user informed them of a fraudulent Microsoft Authenticator app on the Google Chrome Store. The app had five reviews, two positive (showing 3 & 4 stars) with illegible comments, and three others warned that it was laced with malware. Google eventually removed the profile and the app.

The same company that pushed the malware product also had another extension on the Google Store, which had three fake reviews on there as well. Google traced all the users who had left fake reviews back to the same email address.

The incident above spurred KrebsonSecurity to do a deep dive into fake positive reviews, and after 24 hours of research, they found another 100 fraudulent reviews for a bunch of bogus apps. Their findings revealed:

“-39 reviewers who were happy with extensions that spoofed major brands and requested financial data.
-45 malicious extensions that collectively had close to 100,000 downloads.
-25 developer accounts tied to multiple banned applications.”

Many of the extensions were pretending to be from popular brands like Microsoft, Roku, Amazon, Adobe, HBO, and Facebook. Most of the spoofed players had a few apps on the Google Play store available.

A few of the bogus apps appeared not to have a considerable following, but sadly, many had thousands of downloads. According to KrebsonSecurity “A fake Microsoft Teams extension attracted 16,200 downloads in the roughly two months it was available from the Google store. A counterfeit version of CapCut, a professional video editing software suite, claimed nearly 24,000 downloads over a similar time period.”

Most of the apps were designed simply to steal personal information for identity theft or fraud. None were found to be all that sophisticated or take control of the device.

Interestingly, after careful examination of the data, threat researchers found that many of the extensions available were developed by only a handful of developers, so even though there may have been many user accounts for the purpose of reviews, they belonged to the same hackers. KrebsonSecurity shared this information with Google so they could take action to prevent this type of activity in the future and protect users.

How to Spot Fake Reviews and Stay Safe

Before downloading any new app or extension, you should check things out to ensure you aren’t downloading malware.

  • First, read the reviews. If they have poor grammar, incomprehensible English, or vague comments, steer clear.
  • If reviewers give a high rating without saying much about the product, look into that too. 
  • Check out the reviewer and see what other products they have reviewed and their comments.
  • Be sure to check out the developer site. Do some research to be sure it is legitimately from the company it claims to be.
  • Check downloads. Although many fake apps and extensions can become popular, see how many people downloaded them.
Some other tips to stay clear of malware and keep your devices clean are:

  • Keep antivirus software running on your device at all times.
  • Never download anything unless you trust the source.
  • Keep your device updated with the latest security patches.
  • Watch out for any decline in performance after installing something new.
About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagram’s c... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “Alien” is ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the country, ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% of the... Read More

FREE IDENTITY THREAT SCAN
Scan Your Records for Breaches, Leaks & Exposures!