Phishing evolves beyond email to become latest Android app threat

February 17, 2025

Phishing has always been a multifaceted threat, but in the public perception, phishing is usually tied up with email. The process, as stereotyped, is clear: a fraudster sends an email with a bogus message from a trusted company, which tricks the user into logging in to a fake webpage and handing over their real credentials. It is a classic piece of con artistry, and hopefully after years of efforts to promote cyber fraud education, most users are at least aware of the concept of email phishing. However, email is far from the only avenue of access a threat actor has to their targets.

Android phones, unlike the tightly locked down iOS phones, can install apps from outside their native app store (sideloading) with relative ease. There are advantages to this, but the major disadvantage is that it makes them considerably more open to threat actors. Some threat actors exploit this access through the use of phishing apps. The basic idea behind the phishing app is the same as the phishing email: the goal is to trick the user into giving the threat actor login information. Only the delivery method has changed.

These phishing apps have a few different forms. Some of them are copies of popular Android apps, such as TikTok, WhatsApp, or Spotify, which collect login information simply from users trying to log into their favorite services. These copies are unlikely to be hosted on the Google Play Store and are likely served via some form of malvertising. Other phishing apps may seem more legitimate, taking the form of regular videogames or utilities which may serve users bogus requests to connect with a separate social media account in order to harvest their login information. A third kind, potentially more dangerous than the others, does not use any programmatic instructions to retrieve the data. Instead, it simply redirects the user from the app to an attacker-controlled website in an attempt to harvest login data. This is more dangerous because these applications are apparently innocuous enough to be hosted on the Google Play Store.

These applications may seem simple, but they are quite dangerous. In the year 2024 alone, more than 22,800 phishing apps were detected on Android. Of these apps, 5,200 had functionality that could subvert multi-factor authentication by intercepting SMS messages, so a one-time code sent to the victim's phone reaches the attacker as well. Another 4,800 could attempt the same by reading the one-time code from the notification bar. These capabilities make phishing apps extremely dangerous. In order to reduce risk, it is highly recommended that users only obtain apps from the Google Play Store, which takes steps to prevent malware from being distributed there, and that they treat any game or utility asking for SMS or notification access as a warning sign.
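The two MFA-bypass capabilities counted above (SMS interception and notification reading) are declared in an app's manifest, so an analyst can triage a decoded APK for them before anything runs. The script below is an added example, not Blackwired's code: it parses a decoded AndroidManifest.xml (as produced by apktool) and flags the SMS permissions, an SMS_RECEIVED broadcast receiver, and a service bound with the notification-listener permission. The two manifests embedded in it are constructed for illustration and the package names are hypothetical.

```python
"""Triage a decoded AndroidManifest.xml for OTP-theft capabilities.

Added example, not code from the original article. Looks for the two
capabilities the article describes: intercepting SMS (RECEIVE_SMS /
READ_SMS plus a receiver for SMS_RECEIVED) and reading the notification
bar (a service bound with BIND_NOTIFICATION_LISTENER_SERVICE).
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS  # ElementTree prefix for android:* attributes

SMS_PERMISSIONS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
SMS_RECEIVED_ACTION = "android.provider.Telephony.SMS_RECEIVED"
NOTIFICATION_LISTENER_PERMISSION = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"


def triage_manifest(manifest_xml: str) -> dict:
    """Return the package name, a list of findings, and whether any
    finding gives the app a way to read one-time codes."""
    root = ET.fromstring(manifest_xml)
    findings = []

    # 1. Declared SMS permissions (needed for either receiver- or
    #    content-provider-based SMS reading).
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    sms_perms = sorted(p for p in perms & SMS_PERMISSIONS)
    if sms_perms:
        findings.append("sms_permission: " + ", ".join(sms_perms))

    # 2. A broadcast receiver registered for incoming SMS. Phishing apps
    #    often set a high intent-filter priority to see the message first.
    for recv in root.iter("receiver"):
        actions = {a.get(A + "name") for a in recv.iter("action")}
        if SMS_RECEIVED_ACTION in actions:
            findings.append("sms_receiver: " + (recv.get(A + "name") or "?"))

    # 3. A NotificationListenerService: once the user grants notification
    #    access, the app sees the text of every notification, OTPs included.
    for svc in root.iter("service"):
        if svc.get(A + "permission") == NOTIFICATION_LISTENER_PERMISSION:
            findings.append("notification_listener: " + (svc.get(A + "name") or "?"))

    return {
        "package": root.get("package", ""),
        "findings": findings,
        "can_read_otp": bool(findings),
    }


# Constructed sample: a "game" that declares every capability above.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application android:label="Fun Game">
    <activity android:name=".MainActivity"/>
    <receiver android:name=".SmsGrabber" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <service android:name=".NotifReader"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

# Constructed sample: a game that only needs network access.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.realgame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Real Game">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""


if __name__ == "__main__":
    for manifest in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        report = triage_manifest(manifest)
        print(report["package"], "can_read_otp =", report["can_read_otp"])
        for finding in report["findings"]:
            print("  -", finding)
```

The check reports capability, not intent: a genuine messaging app or a notification-management tool legitimately declares the same permissions. The signal is the mismatch between what the app claims to be (a game, a utility, a media player) and what it asks for; Google Play's policy already restricts SMS permissions to default SMS handlers, so a sideloaded game carrying them is a strong indicator. A redirect-to-phishing-site app of the third kind above leaves no trace in the manifest beyond INTERNET, which is why that variant passes store review.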

More from Blackwired