Appknox found copies of ChatGPT, DALL·E and WhatsApp apps on third‑party Android stores that are not what they claim to be.
Appknox’s analysis, shared in a blog post covered by HackRead, cataloged fake “AI” apps on third‑party stores such as Aptoide. One listing that advertised itself as a “DALL·E 3 AI Image Generator” did not call an image model. Instead, the app connected to advertising networks — including Unity Ads, AppsFlyer, Adjust and Bigo Ads — and displayed a counterfeit generation screen while loading ad content.
The most serious risk comes from WhatsApp impostors. Researchers found a spyware family, marketed as “WhatsApp Plus,” that asks for broad device permissions — contacts, SMS, device accounts — and uses those privileges to intercept one‑time passwords (OTPs) and exfiltrate contact lists. That combination permits account takeover and identity theft.
Appknox also identified a third category: wrappers that provide unofficial access to the OpenAI API. Those apps do not host generative models and appear to be convenience interfaces rather than malicious software; nevertheless, they operate without endorsement from the platform owner.
The research draws a practical line between direct spyware that abuses Android permissions and cloned apps that monetize trust by serving ads in place of promised functions. Both are distributed widely on alternative app stores, places where Google’s protections are not uniformly applied.
The findings underline a continuing problem for mobile security even as Google’s built‑in defenses block billions of scam messages each month. Appknox’s report is additionally relevant to broader trends in fraud; see our coverage of industrialized phishing and smishing operations such as the “Lighthouse” kit and PhaaS marketplaces.
Sources
“It’s not malware in the strict sense — it is a commercial parasite that profits from deception,” said Abhinav Vasisth, Lead Security Researcher, Appknox.