
Malware is hidden in these fake apps that impersonate the real versions

Malware comes in many different forms. But it always has the same objective. To rip you off.

If you think you have a device infected with malware, you must remove it ASAP. Tap or click here for steps to remove malware from your phone or computer. Better yet, we all need to take preventative measures to avoid malware before it’s too late.

Cybercriminals are making that more difficult than ever. They are updating old malicious code versions to evade app store detection. Keep reading for details on these dangerous threats and ways to stay protected.

Here’s the backstory

Last year a hacker appeared on cybercriminal forums, selling the ERMAC Trojan for $3,000 a month. The criminal claimed it could target 378 applications and steal banking passwords, usernames, email addresses and wallet funds. 

The malware was updated earlier this year. It can now target 467 applications and rents for $5,000 a month. However, it seems that the creator isn’t entirely done spreading malware.

According to research from ThreatFabric, the bad actors behind the malware are selling different versions of malicious code on the Dark Web. They are selling malware targeting Android devices and desktop malware targeting Windows users. Threats include desktop malware Erbium, Aurora stealer and Laplas clipper.

The code is being spread through malicious apps that impersonate legit programs. The threat was discovered when a malicious app was caught masquerading as a Wi-Fi authorization app. It was distributed through a fake one-page website containing only two buttons.


Whichever button you click, the malware installs onto your device. This malware can:

  • Steal emails from Gmail.
  • Hijack two-factor authentication codes.
  • Steal credentials for cryptocurrency wallets.
  • Record keystrokes on your device.

What you can do about it

One key to this attack being successful is convincing victims to download apps from third parties. This brings us to a great rule to live by: only download apps and programs from official sources.

If you follow a link to an app found on social media or a shady website, the program could be spoofed and designed to infect your device with malware. Official app stores have more robust security protocols in place to help keep malicious apps out.

ThreatFabric found a few malicious apps that are impersonating the real deal. Here are some examples:

  • Wi-Fi Auto Authenticator.
  • Football live stream.
  • OGInsta+ Mod.
  • VidMate.

If you see any of these programs being offered on social media or anywhere other than the Google Play Store, stay away!

Here are a few more safety precautions to avoid infecting your devices with malware.

  • Turn on Google Play Protect by heading to Google Play Store > Profile > Play Protect > Settings and turn on Scan apps with Play Protect.
  • Check your phone for security updates by going to Settings > System > System update.
  • Only download apps from official app stores. Always go to the official source and double-check that you are installing the correct app.
  • Watch out for apps that use a similar logo to other popular apps or have similar functions. Also, check reviews to see if others are warning about suspicious activity.
  • Pay attention to permissions. Stay away if an app wants full access to your text messages or notifications. 
  • Have trustworthy antivirus software on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan of TotalAV Internet Security for only $19 at That’s over 85% off the regular price!
