• Honeygain

Honeygain Explains: How to Spot a Fake App and Prevent Fraud

As long as they have an internet connection, everybody can access the web – which includes uploading and downloading all types of data. While this provides a great chance to share valuable information, find like-minded people, or even get discovered as an exceptional talent, it also opens the way for all sorts of malicious activities that can be performed completely anonymously.

fake app: hackers using fake apps for malice

Fake desktop and mobile applications are one of the ways bad actors can target internet users, spread malware, and cause other types of harm. By creating a fake app that pretends to be well-known software, hackers can trick unsuspecting users into downloading them… along with viruses, information stealers, and other issues. In this article, we’re going to explain what Honeygain does to fight these cybercriminals and what steps can help you identify a fake app before it’s too late!

Why are we talking about this now?

Just last week, we wrote about the extensive research done by Cisco Talos Intelligence Group – one of the world's most prominent commercial threat intelligence teams. In the report they published on August 31, Cisco Talos explained in great detail how hackers can exploit proxyware by creating infected installers and fake apps with malicious code inside and spreading them through fake websites, forums, and other unauthorized sources.

Unfortunately, the internet is ripe with fake Honeygain installers and apps as well. The only way to stay safe and prevent harm that bad actors could potentially cause to your device or network is to always make sure you’re downloading Honeygain from an authorized sourcethe Honeygain website.

fake app: to make sure you get the genuine app, only download Honeygain from its official website

Imagine you decide to download Honeygain from some discussion board, fake website, or other unofficial sources. Even if you’re lucky enough to get a non-infected installer (which is highly unlikely), you might get an outdated version of the software or one that’s not meant for your operating system. Using the official website, you can always be sure you’re getting the genuine Honeygain app in the latest version available!

What steps has Honeygain taken?

If you’ve been following Honeygain for a while now, you probably know how serious we are about ensuring the safety of our users and the network itself. We require 2-factor authentication for every payout, limit the number of devices per account, and use special fraud and abuse algorithms to monitor our infrastructure 24/7.

But that’s not all: our dedicated security team is also putting a ton of effort into taking down fake Honeygain apps so no potential user can download them and become a victim of a cyber attack. In September alone, we have identified 65 web pages that offered their users to download Honeygain installers our team has never authorized. Every such page is a security risk and damage waiting to happen.

fake app: potential dangers of a fake app

Here are just a few examples of the harm downloading a fake app could result in:

  • Once you log in, a fake app can send your credentials to the hacker and even steal information you’re keeping on your device

  • If a fake app installer is packed with a hacker’s referral code, they might be enjoying recurring bonuses as you’re actively using the app without even knowing

  • A fake app might be ridden with commercials (which is a pretty common form of ad fraud) or simply content you don’t want to see, like hate speech or violence

  • If the app is packed with a type of malicious code that’s known as ransomware, your device might be locked completely – until you pay the ransom, that is!

  • An infected installer might also install a cryptocurrency miner into your device and abuse your network to make money for the hacker

  • ...and that’s far from every type of risk you can be faced with!

The good news is that having registered Honeygain as an official trademark in 2020, our team has all the right to pursue legal action against anyone who impersonates the company or uses our name illegally.

Honeygain has already taken down 72% of all the web pages the team found to offer fake or infected Honeygain apps for download this month!

Remember the web pages we mentioned that were distributing fake Honeygain installers? We have already successfully taken 47 out of 65 down, and the owners of the remaining ones have been identified and contacted as well. This means that it’s just a matter of time before these unauthorized channels are gone for good.

How can you spot a fake app?

It’s easy to say that people who wish to stay safe online should never download fake apps – however, identifying a fake app from a genuine one might not be so easy.

Most hackers aren’t stupid, and they do everything they can to make the malware they spread seem as similar to the real app as possible. Hence, it’s not that uncommon to find infected applications on app stores – even major ones. According to Trend Micro, Google Play currently houses more than 120+ fake cryptocurrency mining apps that do not actually have any mining capabilities and have already tricked thousands of users into paying to use them or watching in-app ads – and that’s just one type of fake apps!

With Honeygain, there’s a simple solution: the company has an official website with a Download page that offers the latest versions of genuine Honeygain apps for Windows, macOS, Linux, and Android. Unfortunately, some other apps don’t have those and rely solely on third-party distributors.

Here are a few red flags that should cause you to raise suspicions and stay away from the Download button:

  • The download page has no connection to the official website. If you hear about an application you’re interested in and would like to download, first of all, find its official website or verified social media account. If the page you were about to download the app from is mentioned on there as an official distributor – great! If it isn’t, don’t click on any links on the suspicious page – instead, look for information of authorized sources on the official website (and if you’re a real champion, inform the support team about the impersonator!).

  • The developer’s name and/or the contact info doesn’t ring any bells. The absolute majority of fake app creators try to make it seem like they’re legit – however, if you look closely, you might notice there’s a lowercase L instead of a capital I (or vice versa), a zero instead of a capital O, or some other small changes or additions in their names or contact information. As for the latter, always be suspicious of Gmail/Yahoo/other public domain email addresses when an app has an official website and a personal domain claimed!

fake app: ways to prevent getting a fake app
  • The permissions seem unrelated to the app’s purpose. Some applications do need your permission to use your camera or access the device’s storage to function properly, but you should always think if it’s a legitimate need for the app. For example, accessing your location is standard for apps like Uber or Bolt, but it’s certainly a red flag when a game or an alarm clock asks for it! A fake app that tries to impersonate Honeygain will easily reveal itself by asking for various permissions: the genuine one doesn’t need anything aside from your Internet connection.

  • The description and the visuals just don’t seem professional. If the logos, screenshots, and other images provided seem to be of a low-resolution and/or the description includes grammar mistakes, it’s a definite red flag. App development teams hire professional graphic designers and copywriters. Hackers have no such luxury – which might result in a poor presentation of their ‘product.’

  • The facts mentioned in the description do not match the official information. Some of the 47 web pages we already took down included incorrect information about Honeygain: one of them said Honeygain users get 1 credit per every 10GB shared (it’s actually 1,000 credits), another stated the app is only available for mobiles and not computers, and others spread even more lies. It’s easy to check by comparing it to the statements on the official website – make sure you do this!

fake app: a section divider with bees

Malicious hackers have been getting more and more active these past few years. It’s hardly a surprise: since the pandemic forced many businesses and service providers to move their operations online, we’ve been using the web more actively than ever. Unfortunately, if we’re not careful, every new app or website we visit can mean a risk of cyber attack.

Curious about joining Honeygain – a crowdsourced web intelligence network that offers its users a chance to make money by sharing their extra bandwidth – but want to stay cautious?

Here’s what you need to do to make sure you don’t end up with a fake app on your hands:

  1. Download the app from the official website and install it on your device

  2. Register by clicking the button below and collect your first $5 for free!