Fake Reviews Help Users to Spot Bogus Apps and Junk Products

  • By Dawna M. Roberts
  • Published: Jun 10, 2021
  • Last Updated: Mar 18, 2022

 The world runs on reviews nowadays. Before anyone buys a product, they read reviews, consult social media, and look for other online sources of information. The problem is that these reviews that we have come to depend on so highly are often fake.

Why Fake Ads are So Common

When a not-so-reputable company wants to sell products on Amazon or an app on the Google Play or App Store, it can be hard to market if they don’t yet have an audience. The solution: they create fake ads claiming positive results and inflating user ratings. The problem is that if legitimate users read these reviews, they might base their purchase on this bogus information.

KrebsonSecurity reported that one user informed them of a fraudulent Microsoft Authenticator app on the Google Chrome Store. The app had five reviews, two positive (showing 3 & 4 stars) with illegible comments, and three others warned that it was laced with malware. Google eventually removed the profile and the app.

The same company that pushed the malware product also had another extension on the Google Store, which had three fake reviews on there as well. Google traced all the users who had left fake reviews back to the same email address.

The incident above spurred KrebsonSecurity to do a deep dive into fake positive reviews, and after 24 hours of research, they found another 100 fraudulent reviews for a bunch of bogus apps. Their findings revealed:

“-39 reviewers who were happy with extensions that spoofed major brands and requested financial data.
-45 malicious extensions that collectively had close to 100,000 downloads.
-25 developer accounts tied to multiple banned applications.”

Many of the extensions were pretending to be from popular brands like Microsoft, Roku, Amazon, Adobe, HBO, and Facebook. Most of the spoofed players had a few apps on the Google Play store available.

A few of the bogus apps appeared not to have a considerable following, but sadly, many had thousands of downloads. According to KrebsonSecurity “A fake Microsoft Teams extension attracted 16,200 downloads in the roughly two months it was available from the Google store. A counterfeit version of CapCut, a professional video editing software suite, claimed nearly 24,000 downloads over a similar time period.”

Most of the apps were designed simply to steal personal information for identity theft or fraud. None were found to be all that sophisticated or take control of the device.
 
Interestingly, after careful examination of the data, threat researchers found that many of the extensions available were developed by only a handful of developers, so even though there may have been many user accounts for the purpose of reviews, they belonged to the same hackers. KrebsonSecurity shared this information with Google so they could take action to prevent this type of activity in the future and protect users.
 

How to Spot Fake Reviews and Stay Safe

Before downloading any new app or extension, you should check things out to ensure you aren’t downloading malware.

  • First, read the reviews. If they have poor grammar, incomprehensible English, or vague comments, steer clear.
  • If reviewers give a high rating without saying much about the product, look into that too. 
  • Check out the reviewer and see what other products they have reviewed and their comments.
  • Be sure to check out the developer site. Do some research to be sure it is legitimately from the company it claims to be.
  • Check downloads. Although many fake apps and extensions can become popular, see how many people downloaded them.
Some other tips to stay clear of malware and keep your devices clean are:
 
  • Keep antivirus software running on your device at all times.
  • Never download anything unless you trust the source.
  • Keep your device updated with the latest security patches.
  • Watch out for any decline in performance after installing something new.
About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

What Are Pretexting Attacks: Scam Types and Security Tips?

What Are Pretexting Attacks: Scam Types and Security Tips?

Have you ever received a text from someone you do not know? Did you become alarmed by the message? Did the message contain information about you and the people you know?

What is a Time-based One-time Password (TOTP)?

What is a Time-based One-time Password (TOTP)?

Authentication is the process that verifies the user's identity to control access to resources, prevent unauthorized users from gaining access to the system, and record user activities (to hold them accountable for their activities).

Corporate Fraud: Detection, Prevention, and the Role of Corporate Fraud Attorneys

Corporate Fraud: Detection, Prevention, and the Role of Corporate Fraud Attorneys

The growing scale of organizations and the more opportunities to push the boundaries have led to an upsurge in corporate fraud in recent years.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Notice

By proceeding with this scan, you agree to let IDStrong run a Free Scan of supplied parameters of your personal information and provide free preliminary findings in compliance with our Terms of Use and Privacy Notice. You consent to us using your provided information to complete the Free Scan and compare it against our records and breach databases or sources to provide your Free preliminary findings report.

Rest assured: IDStrong will not share your information with third parties or store your information beyond what is required to perform your scan and share your results.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close