A recent report by Symantec published on this week has uncovered 152 Android Application, all of which are malicious and tricks JIO user to give Free JIO Data balance. These all apps are fake android apps that only serve advertisement, never give any free JIO data. Symantec detect these apps as Android.Fakeapp.
What is JIO Company
JIO is an Indian Mobile Network Operator. JIO was founded in 2007. JIO is owned by Owned by Reliance Industries. JIO has over 300 million subscribers. As per Wikipedia JIO has 314.80 million (April 2019) subscriber. JIO headquarter is located at Mumbai.
“These 152 APKs were developed under 21 different package names, all of which claim to offer a free daily data allowance of 25 GB or 125 GB for a period of time ranging from just one day to one year. However, users who download these malicious apps will not receive any free data boosts; instead, their devices will be used to generate advertising revenue for the developers of the apps.” Symantec reports.
How these apps are working
Symantec reports all these fake apps are imitating legitimate JIO apps, like they are using legitimate JIO icons and names, and this makes people fool and people are installing these fake apps on their mobiles. These Fake android apps are using UIs as JIO’s legitimate Apps.
These Fake Apps only annoys you with Advertisements. Upon installing these apps you can see the User Interface of these fake apps looks like legitimate apps user interfaces. Next it will ask you to enter your mobile number to get the JIO free data balance, but if you provide your mobile number there the fake will do nothing, will give you a false impression of connecting to the JIO server. But the researchers says “In fact, the malicious app’s source code shows that no real connections or processing is taking place while the spinner is displayed, and a sleep timer has been added to extend the time the spinner stays onscreen”. Then the fake apps will ask you to share this App in your Whatsapp groups 10 times to get the free JIO data.
Researchers say “victims are asked to share the app with 10 contacts via WhatsApp in order to activate the offer. Other variants of the malware ask victims to follow the developer’s Instagram account or a Telegram group (which are listed in the app). There are also some versions that ask victims to share the app via SMS. Worse still, some of the apps don’t even bother to ask the victim and just go ahead and send the SMS messages without the user’s knowledge. The messages contain a link to download the malicious app and are sent to numbers in the victim’s contact list.”
How to stay safe
- Always make sure your mobile Operating system is up to date
- Use a repeated Antivirus for your mobile
- Never download any apps from untrusted sources
- Check the permissions the application is requesting
Indicators of Compromise
APK SHA2 hash Package name