The Top 15 Cloned Android Apps and Games Posing as Trojans

Malware authors are cashing in on the Instagram-Facebook craze with their fake Instagram app for the Android platform.

The fake Instagram app is actually a Trojan in disguise, dubbed as “Andr/Boxer-F” by Sophos, who discovered the malicious apps.  The malware authors made fake websites that advertised the fake Instagram apps.  What the evil apps do is secretly send international texts, which generates a lot money for the malware authors, and empties out your wallet.

An article in ZDNet features the photo of a man, whose identity is unknown, which could be the author of the malware, a relative, a friend or just some random Joe.  The photo is said to be included multiple times in the .apk file of the malicious app.  Sophos believes that the inclusion of the photo in the file multiple times is to change the fingerprint of the file so that it will not be detected by antivirus softwares.

This is the hazard of having an open platform as there are many stores that offer their apps.  Instagram is a free app, so I’m not really sure why people would be downloading this outside of Google Play.  The only reason I can think of is that their device isn’t supported by Google Play.  But if you have Google Play, better get your apps from them.  It will save you a lot of money.  And for those interested in downloading Instagram for Android, click here for the official app.

The fake Instagram app is just one of the fake apps that recently surfaced.  Last week, Sophos warned that a fake Angry Birds Space was spotted in unofficial Android stores.  Just like the Instagram app, the Angry Birds Space app is also a Trojan, identified as  Andr/KongFu-L.  It appears like a fully-functional version of the game but uses the GingerBreak exploit to gain root access to the device, and installs malicious code.  The Trojan then communicates with a remote website to download and install further malware to the compromised device.   Authors of the malware send instructions to the compromised device to download more codes or push URLs to be displayed in the smartphone’s browser.  The compromised device becomes a botnet controlled by the author.

RELATED:  Google has an open-source OS in the works called Fuchsia

McAfee recently published that malware-laced apps are also found in Google Play, uncovering 15 apps capable of stealing users’ data.   Carlos Castillo of McAfee stated that the Trojan targeted Android users in Japan, masquerading as apps offering to display trailers of upcoming Android video games, anime or Japanese adult videos.

In January of this year, Symantec published a list of infected apps that users should definitely avoid as they allow remote accessing of user data.  The list featured the following apps:

  • Counter Elite Force
  • Counter Strike Ground Force
  • CounterStrike Hit Enemy
  • Heart Live Wallpaper
  • Hit Counter Terrorist
  • Stripper Touch girl

From Ogre Games

  • Balloon Game
  • Deal & Be Millionaire
  • Wild Man

From redmicapps

  • Pretty women lingerie puzzle
  • Sexy Girls Photo Game
  • Sexy Girls Puzzle
  • Sexy Women Puzzle

Cybersecurity experts are predicting that these incidents are just the start of malware invading the Android platform.  They’re expecting a widespread attack in a couple of months.

“In the next couple months, I’d expect a big Android attack that’s going to be very widespread,” Jacques Erasmus, chief information security officer with Webroot, a cybersecurity company, said.  “It’s going to be Android, because it’s an open platform–there’s much less regulation in terms of the app store that makes it much easier for criminals to target. Obviously, the Apple user base is massive, but I think that attack is going to come later.”

So what are we going to do when a huge wave of Android malware hits?

If you’re an Android user, be sure to get your apps from legit stores; go to shady markets and expect that you’ll get not only the app you wanted but a bonus bit of malware as well.
Amazon, which has their own Android store, suggests code obfuscating to developers, which modifies the source and machine code of the app so it would be difficult for a human to understand if your app gets decompiled, and it also eliminates the possibility of reverse engineering apps and cloning them.

RELATED:  Intel sells majority stake in McAfee to private equity firm TPG

Amazon recommends Proguard – a code obfuscation tool – provided once the Android SDK has been downloaded.  Proguard shrinks, optimizes, and obfuscates the source code of the app.

Mellisa Tolentino

Staff Writer at SiliconANGLE
Mellisa Tolentino started at SiliconANGLE covering the mobile and social scene. Over the years, her scope expanded to Bitcoin as well as the Internet of Things. SiliconANGLE gave Mellisa her break in writing and it has been an adventure ever since. She’s from the sunny country of Philippines where people always greet you with the warmest smile. If she’s not busy writing, she loves reading, watching TV series and movies, but what she enjoys the most is playing or just chilling on the couch with with her three dogs Ceecee, Ginger, and Rocky.


Join our mailing list to receive the latest news and updates from our team.


Join our mailing list to receive the latest news and updates from our team.


  1. Spam apps became “popular” almost as spam software… I thought this could wait a few years before it bursts out, but I guess that human nature is pretty much one track minded… John of

  2. Spam apps became “popular” almost as spam software… I thought this could wait a few years before it bursts out, but I guess that human nature is pretty much one track minded… Tim of

Submit a Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Share This

Share This

Share this post with your friends!