Main Takeaways
- Fake applications are programs designed to mimic legitimate applications familiar to us.
- Scammers will attempt to hide malicious software behind a fake app listing on third-party or official app stores.
- Users should only download the Binance app from official channels, such as our website, the Google Play Store, or the Apple App Store.
Fake applications — programs designed to mimic legitimate applications familiar to us — are among today’s biggest cybersecurity threats.
Fake apps look just like the real thing, from the logo to the description. On the surface, they might have the same interface, services, and functionalities. Some even have repackaged source code from the official application.
But if you take a closer look, you may find malicious software spying on your phone activity or attempting to steal your information and assets. Scammers will disseminate fake applications through various methods, including third-party or counterfeit app stores, official app stores, and social engineering via emails or SMS messages.
Let’s first dive into two methods scammers use to disguise fake apps: imitation and repackaging.
Example 1: Imitation
Imitation, as the name implies, attempts to trick users by copying the official source's name, logo, and features closely enough to be mistaken for it. Below is an example of an imitation app trying to pass itself off as an official BNB Chain app.
Example 2: Repackaging
The second method, repackaging, is significantly more challenging to identify at first sight. Repackaged apps use the same metadata as the official version, including the name and icon, by modifying and repackaging the source code. The example below is a repackaged app posing as the official Binance app. You’ll notice it features the exact same logo.
The Different Types of Fake Apps and Their Dangers
- Ad bots. Fake apps will sometimes contain an obnoxious amount of unwanted ads that may even start appearing on your phone calendar or other places.
- Billing fraud. Scammers can use fake apps to automatically charge purchases to your phone bill without your consent.
- Botnet. Cybercriminals can use your phone as part of a DDoS (distributed denial-of-service) attack, to mine cryptocurrency, or to send spam to other potential targets.
- Hostile content. Fake apps can include inappropriate content, such as hate speech, pornography, or violence, to name a few.
- Hostile downloaders. While they might not contain malicious code, fake apps can lead victims to download other malicious and unwanted software onto their devices.
- Phishing. Criminals can steal your login information using an interface designed to mimic the login menu of a legitimate application.
- Privilege escalation. This type of fake app will ask for elevated privileges, allowing criminals to disable your device’s core security functions.
- Ransomware. Designed to infect your device with ransomware, this type of fake app will lock you out of your data by encrypting it and rendering it unreadable.
- Rooting. Rooting apps may contain code that disables your device’s built-in security and carries out harmful actions against your device.
- Spam. As the name implies, spam apps will send unsolicited messages to your contacts or involve your device in a mass email spam campaign.
- Spyware. Spyware apps send personal data to third parties without your consent. The data may include text messages, call logs, contact lists, email records, photos, browser history, GPS location, crypto addresses, and recovery phrases from other apps on your device.
- Trojan. Once installed, trojans may seem harmless on the outside, but in the background they’re secretly performing malicious actions, such as harvesting personal data or sending premium SMS messages from your device without your knowledge.
Fake apps in the crypto space will often replace the addresses displayed on their interface’s deposit and withdrawal page. When the user initiates a transfer, their assets end up going to the scammer’s account. This is one of the most common ways crypto users lose their assets to fake apps.
As a general guideline, we suggest depositing or withdrawing a small amount as a test before initiating higher-value transactions.
How to Spot and Protect Yourself From Fake Apps
Look for these red flags before pressing download
- Distorted icon. Fake apps will try to imitate the official app store listing as much as possible. Don’t be deceived by distorted versions of the actual icon.
- Unnecessary permission agreement. Read the developer’s privacy policy before you download the app. Once installed, fake apps will often ask for unnecessary authorizations.
- Questionable reviews. Be suspicious of any app with an excess of either negative or positive reviews.
- Grammar mistakes. Legitimate developers will put time into removing typos and errors in their app descriptions. Be wary if you spot an unreasonable number of grammatical errors in the app description.
- Low number of downloads. It’s improbable for widely used legitimate apps to have very few downloads. For example, the Binance app has over 50 million downloads on the Google Play store alone.
- Fake developer information. Check the app’s developer information. Does it provide a legitimate company, email address, or website? If so, perform an online search to see if the information provided is related to the official organization.
- New release date. When was the app released? The app is likely fake if the listing shows a recent release date with many downloads and reviews. Legitimate apps with a high number of reviews and downloads have typically been on the market for at least a few years.
Follow these guidelines before you download any application. Read through the description, reviews, the developer’s privacy policy, and most importantly, don’t click on suspicious links. Even official app stores will have fake listings from time to time.
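The listing checks above (look-alike or identical name, developer information, download count, release date, permissions) can be applied mechanically when triaging many listings. The sketch below is an added example, not Binance's own tooling; the `Listing` record, the developer placeholder, the thresholds, the permission list, and the sample listings are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from datetime import date
from difflib import SequenceMatcher

# Reference for the genuine listing. The download figure is the one the article
# cites for Google Play; the developer string is a placeholder assumption.
OFFICIAL = {"name": "binance", "developer": "OFFICIAL-DEVELOPER-PLACEHOLDER",
            "downloads": 50_000_000}
# Android permissions assumed unnecessary for this app category; they map to
# the data the article lists under spyware (texts, call logs, contacts).
RISKY_PERMS = {"READ_SMS", "SEND_SMS", "READ_CALL_LOG", "READ_CONTACTS"}

@dataclass
class Listing:  # hypothetical record exported from a store listing
    name: str
    developer: str
    downloads: int
    released: date
    permissions: frozenset

def brand_similarity(name):
    """Best fuzzy match between any word of the listing name and the brand."""
    words = re.findall(r"[a-z0-9]+", name.lower())
    return max((SequenceMatcher(None, w, OFFICIAL["name"]).ratio() for w in words),
               default=0.0)

def red_flags(app, today):
    sim = brand_similarity(app.name)
    if sim < 0.8:                      # assumed threshold: not trading on the brand
        return []
    flags = []
    if app.developer != OFFICIAL["developer"]:
        # Exact brand name under another publisher fits repackaging; a near miss fits imitation.
        flags.append("exact-brand-name-other-developer" if sim == 1.0 else "lookalike-name")
    if app.downloads < OFFICIAL["downloads"] // 100:       # assumed cut-off
        flags.append("low-downloads")
    if (today - app.released).days < 365 and app.downloads >= 1_000_000:
        flags.append("new-release-many-downloads")         # assumed thresholds
    extra = sorted(app.permissions & RISKY_PERMS)
    if extra:
        flags.append("unneeded-permissions:" + ",".join(extra))
    return flags

TODAY = date(2023, 1, 1)  # constructed sample listings, not real store data
SAMPLES = {
    "official": Listing("Binance", OFFICIAL["developer"], 60_000_000, date(2017, 10, 1), frozenset({"INTERNET", "CAMERA"})),
    "imitation": Listing("Binnance Wallet", "Crypto Tools Dev", 4_000, date(2022, 11, 1), frozenset({"INTERNET", "READ_SMS"})),
    "repackaged": Listing("Binance", "Binance App Team", 2_000_000, date(2022, 12, 1), frozenset({"READ_SMS", "READ_CONTACTS"})),
}
if __name__ == "__main__":
    for label, app in SAMPLES.items():
        print(label, red_flags(app, TODAY))
```

A listing with no flags is not proven genuine: metadata cannot reveal modified code, so the official download channels remain the primary control.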
If you receive an unexpected SMS, a strange notification, or an unusual request from someone claiming to be a “Binance employee,” proceed with caution.
If you download a fraudulent application or click a suspicious link, your phone, assets, or personal information may get compromised before you even notice.
If you suspect you’ve downloaded a fake application, delete it immediately, restart your phone, and file a report with the relevant app store. While not 100% secure, activating two-factor authentication (2FA) can make a huge difference in protecting your funds, even if someone successfully phishes your login credentials.
Download the Binance App from our official channels
- Binance official website
- Google Play
- Apple App Store
Please note that you are responsible for conducting your own due diligence and following general security measures regarding the legitimacy of any application that appears to be a Binance app before downloading and installing it. Binance is not responsible for any loss that may be incurred from using fake or illegitimate applications.
Disclaimer and Risk Warning: This content is presented to you on an “as is” basis for general information and educational purposes only, without representation or warranty of any kind. It should not be construed as financial advice, nor is it intended to recommend the purchase of any specific product or service. Digital asset prices can be volatile. The value of your investment may go down or up and you may not get back the amount invested. You are solely responsible for your investment decisions and Binance is not liable for any losses you may incur. Not financial advice. For more information, see our Terms of Use and Risk Warning.