{"id":89783,"date":"2021-04-09T16:46:50","date_gmt":"2021-04-09T11:16:50","guid":{"rendered":"https:\/\/blogs.quickheal.com\/?p=89783"},"modified":"2023-02-22T15:30:28","modified_gmt":"2023-02-22T10:00:28","slug":"malicious-malware-impacting-reviews-and-ratings-of-application","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/malicious-malware-impacting-reviews-and-ratings-of-application\/","title":{"rendered":"Malicious malware impacting reviews and ratings of application"},"content":{"rendered":"<p><a href=\"https:\/\/blogs.quickheal.com\/scam-alert-covid-19-vaccine-phishing-and-money-scam-hits-india\/\">COVID-19<\/a> pandemic has confined a big part of the population indoors, doing their work and daily chores online. This has had a direct impact on mobile app usage trends, especially among on-demand mobile apps. Mobile applications have become a necessity for varied purposes, including video conferencing, communicating, attending online classes, streaming services, playing games, ordering food, vegetables, and medicines online.<\/p>\n<p>The Google Play Store and the App Store are loaded with thousands of mobile apps, making it challenging to find the right development company to download the app. App \u2018Reviews\u2019 and \u2018Ratings\u2019 are one way of figuring out whether the app is worth your time.<\/p>\n<p>But, malicious malware is impacting the reviews and ratings of the applications. Malware authors abuse the accessibility service of mobile devices by downloading apps and creating fake accounts in the name of the users\u2019 email-id connected with the application.\u00a0 They assign fake reviews and ratings for the application or display ads to fool users with a false promise of removing ads in exchange for 5 Star ratings.<\/p>\n<p><strong>Why ratings and reviews are important for mobile applications? <\/strong><\/p>\n<p>App reviews and rankings help people choose the most valuable apps and can be the main driver of app downloads. Mobile app reviews matter to improve app store ranking, and also to:<\/p>\n<ul>\n<li><strong>Increase app downloads &#8211;<\/strong> Higher ratings determine app visibility and authenticity and convince users to install the application.<\/li>\n<li><strong>Guide purchasing behaviour<\/strong> &#8211; People value the opinion of others and look for their affirmation to make smart decisions which are known as <a href=\"https:\/\/woocommerce.com\/posts\/hidden-social-proof\/\">social proof<\/a>. The more positive social proof you can display, the more likely new users will show interest in your app.<\/li>\n<li><strong>Boost conversion rates<\/strong> \u2013 When other users respond to reviews, it can help improve your app\u2019s appeal and discoverability. When you respond to comments, it shows you are paying attention to your customers and engaging with them. This can help increase positive reviews and in turn boost conversion rates.<\/li>\n<li><strong>Improve product &#8211;<\/strong> Play Store recommendation engine mostly features high rated applications. As more positive reviews give a higher rank in search results.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>Reviews and ratings are an invaluable source of feedback. Not only are ratings and reviews absolutely necessary to drive the purchase process, but companies are also missing out on sales, profits, and priceless information without them.<\/p>\n<p><strong>Dealing with fake reviews and ratings <\/strong><\/p>\n<p>App reviews and ratings play a huge role in the success of any application. Considered a big deal on Google Play Store or App Store, reviews or ratings can make or break your app\u2019s future. This valuable asset has caught the attention of malware authors to implement fake reviews and get high rankings in the Play store and more downloads. There are various ways to implement these fake reviews and ratings \u2013<\/p>\n<ul>\n<li>Offer some service in exchange for 5 star or positive reviews.<\/li>\n<li>Offer advertisement removal in exchange for 5 Star ratings or reviews.<\/li>\n<li>Offer next game level or additional bonus points in exchange for reviews or ratings.<\/li>\n<li>Accessibility service abuse of mobile device to spread fake reviews.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Let us see one example which offers advertisements removal in exchange for ratings.<\/strong><\/p>\n<p>We had seen several applications aggressively displaying advertisements to the user. When a user installs such an application on his device and launches the application, it displays advertisements aggressively and fools users with a false promise of removing them in exchange for a 5 Star rating.<\/p>\n<p>These applications trick users into leaving high ratings making them more likely to be downloaded in future.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>How it works&#8230;<\/strong><\/p>\n<p>When the user clicks the icon to launch the application an ad-displaying component is loaded. It manifests itself as a fake system screen requiring the installation of \u201cplugin android\u201d as shown in Fig 01.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-89784 aligncenter\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2021\/04\/1-261x390.png\" alt=\"\" width=\"261\" height=\"390\" srcset=\"https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/04\/1-261x390.png 261w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/04\/1-201x300.png 201w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/04\/1.png 350w\" sizes=\"(max-width: 261px) 100vw, 261px\" \/><\/p>\n<p style=\"text-align: center;\"><em>(Fig 01)\u00a0<\/em><\/p>\n<p>By clicking the install button, the ad-displaying payload gets installed. The user is notified to activate device administrator rights for the fake \u201c<strong>plugin<\/strong>\u201d by another irrevocable screen.<\/p>\n<p>After granting the rights, the user is immediately shown a screen full of ads and continuously asked to rate the app with five stars \u201cto remove all ads\u201d. Cancelling the message will result in even more ads shown on the user\u2019s device, aiming to provoke the user into rating the app next time the prompt is displayed as shown in Fig 02 and 03.<\/p>\n<p>Fig 02 shows a full-screen advertisement of a gaming application.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-89789 aligncenter\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2021\/04\/2-219x390.png\" alt=\"\" width=\"219\" height=\"390\" srcset=\"https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/04\/2-219x390.png 219w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/04\/2-168x300.png 168w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/04\/2.png 316w\" sizes=\"(max-width: 219px) 100vw, 219px\" \/><\/p>\n<p style=\"text-align: center;\"><em>(Fig 02) <\/em><\/p>\n<p style=\"text-align: center;\">\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-89788 aligncenter\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2021\/04\/3.png\" alt=\"\" width=\"348\" height=\"346\" srcset=\"https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/04\/3.png 348w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/04\/3-300x298.png 300w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/04\/3-150x150.png 150w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/04\/3-70x70.png 70w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/04\/3-80x81.png 80w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/04\/3-45x45.png 45w\" sizes=\"(max-width: 348px) 100vw, 348px\" \/><\/p>\n<p style=\"text-align: center;\"><em>(Fig 03)\u00a0<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>To clean the infected device, it is not enough to uninstall the application user also needs to disable \u201c<strong>Device Administrator<\/strong>\u201d rights for the application and uninstall the <strong>\u201cplugin android<\/strong>\u201d from the Application Manager as shown in Fig 04, 05, and 06.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-89785 aligncenter\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2021\/04\/4.png\" alt=\"\" width=\"343\" height=\"226\" srcset=\"https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/04\/4.png 343w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/04\/4-300x198.png 300w\" sizes=\"(max-width: 343px) 100vw, 343px\" \/><\/p>\n<p style=\"text-align: center;\"><em>(Fig 04)<\/em><\/p>\n<p>&nbsp;<\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-89786 aligncenter\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2021\/04\/5-275x390.png\" alt=\"\" width=\"275\" height=\"390\" srcset=\"https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/04\/5-275x390.png 275w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/04\/5-212x300.png 212w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/04\/5.png 328w\" sizes=\"(max-width: 275px) 100vw, 275px\" \/><\/p>\n<p style=\"text-align: center;\"><em>(Fig 05)<\/em><\/p>\n<p>&nbsp;<\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-89787 aligncenter\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2021\/04\/6.png\" alt=\"\" width=\"333\" height=\"134\" srcset=\"https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/04\/6.png 333w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2021\/04\/6-300x121.png 300w\" sizes=\"(max-width: 333px) 100vw, 333px\" \/><\/p>\n<p style=\"text-align: center;\"><em>(Fig 06)<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>OR, one should have trusted AV like <strong>\u201cQuick Heal Mobile Security for Android\u201d. <\/strong>It will protect your phone from any such vulnerabilities and protect you from downloading malicious apps on your phone. Quick Heal detects such applications as <strong>Android.Hiddad.GEN13670<\/strong><\/p>\n<p>Implementing fake reviews is also a new way for malware authors to increase cybercrime by taking advantage of the accessibility function of Android to create fake accounts and drop fake reviews.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>FAKE REVIEWS:<\/strong><\/p>\n<p>These Trojan Applications are highly obfuscated and use Google Accessibility Service. Once they get the permissions, the malware can interact with the UI and applications of the user&#8217;s mobile device. These applications look like system applications to hide from the user. The application collects information about the user\u2019s device when the user unlocks the device\u2019s screen and send it to the attacker\u2019s servers. The server returns the commands for the application to execute.<\/p>\n<p>The server can send various kinds of commands which application follows:<\/p>\n<ul>\n<li>Deactivating Google Play Protect by abuse of accessibility service.<\/li>\n<li>Downloads and Open ads displaying applications from Google Play or Third-Party app store without interacting user.<\/li>\n<li>Use a legitimate Google account or any social media account to register other applications.<\/li>\n<li>Leave reviews on the applications on behalf of the user.<\/li>\n<li>Open links received from the remote server in an invisible window and hide from the app menu.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>If accessibility service is not given, to gain accessibility services or to request the deactivation of any security option that has not been granted yet, the malware can launch toast messages to try to convince the user to perform certain actions.<\/p>\n<p>Quick Heal detects such malicious applications as <strong>Android.Piom.Aa833<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>How to combat fake review attacks and stay safe? <\/strong><\/p>\n<ul>\n<li>Always download applications from legitimate sources like Google Play and App Store.<\/li>\n<li>Learn how to identify fake applications in Google Play Store.<\/li>\n<li>It is recommended not to download and install applications only on the basis of reviews and ratings.<\/li>\n<li>Read the pop-up messages you get from the Android system before accepting\/allowing any new permissions.<\/li>\n<li>Be extremely cautious about what applications you download on your phone.<\/li>\n<li>Malicious developers spoof original application names and developer names. So, make sure you are downloading genuine applications only. Often application descriptions contain typos and grammatical mistakes. Check the developer\u2019s website if a link is available on the application\u2019s webpage. Avoid using it if anything looks strange or odd.<\/li>\n<li>Avoid downloading applications from third-party application stores or links provided in SMSs, emails, or WhatsApp messages. Also, avoid installing applications that are downloaded after clicking on an advertisement.<\/li>\n<li>For enhanced protection of your phone always use a good antivirus on your phone like <a href=\"https:\/\/www.quickheal.co.in\/quick-heal-mobile-security\" target=\"_blank\" rel=\"noopener noreferrer\">Quick Heal Mobile Security<\/a> for Android.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>COVID-19 pandemic has confined a big part of the population indoors, doing their work and daily chores online. This has had a direct impact on mobile app usage trends, especially among on-demand mobile apps. Mobile applications have become a necessity for varied purposes, including video conferencing, communicating, attending online classes, streaming services, playing games, ordering [&hellip;]<\/p>\n","protected":false},"author":76,"featured_media":89790,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[24],"tags":[1801,534,1802,1212,49],"class_list":["post-89783","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-malware","tag-app-store","tag-cybersecurity","tag-fake-app-reviews","tag-google-play-store","tag-malware"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/89783"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/76"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=89783"}],"version-history":[{"count":6,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/89783\/revisions"}],"predecessor-version":[{"id":91510,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/89783\/revisions\/91510"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media\/89790"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=89783"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=89783"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=89783"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}