Best Reviews logo
Best Reviews may receive compensation for its content through paid collaborations. See how we sustain our work & review products.
How Cybercriminals Use Fake Software to Spy on You

How Cybercriminals Use Fake Software to Spy on You

By Leo S.Leo S. Verified by Sander D.Sander D. Last updated: November 30, 2024 (0)
Table of contents

“Mobile is the future of spying, because phones are full of so much data about a person’s day-to-day life,” said Eva Galperin, EFF’s (Electronic Frontier Foundation) Director of Cybersecurity. The comment was regarding a report made along with mobile security company Lookout on the topic of Dark Caracal, a threat that mimics and replaces trustworthy apps with fake ones full of malware.

The topic is not anything new, and if there’s something we’re already used to nowadays it is reading the regular findings that report about how the internet is cluttered with security and privacy menaces. Dark Caracal is only one of the many techniques in a hacker’s repertoire and yet more proof that mobile spying is on the risesince the widespread use of smartphones and tablets.

Fake lookalike apps and government spying

Creating a fake app as a perfect photocopy of another is one of the most common methods used by wrongdoers to fool unexpected users into installing what they think is a secure service. Messaging apps are some of the most popular – Telegram, WhatsApp and Signal, for instance – and to make everything even harder to figure out, these trojan apps often work like their real twins, too. However, the entity behind these apps are never the same company that developed them, but instead hackers that can then deploy all sorts of malware to have the app copy the user’s photos, capture audio, retrieve their real physical location, and more.

This is the essence behind Dark Caracal. But what’s more worrying is the fact that EFF and Lookout were able to trace its origins back to the headquarters of Lebanon’s General Directorate of General Security, which is yet another example of how the cyber warfare happening all around us allows “new nation states — previously without significant offensive capabilities — to build and deploy widespread multi-platform cyber espionage campaigns”.

The 50+ page report specifies over 90 indicators of compromise, across different malware for Android devices and Windows, Mac and Linux desktops. In turn, this resulted in the disclosure of a lot of sensitive data – including content from secure messaging clients, text messages, documents and much more – that belongs to “military personnel, enterprises, medical professionals, activists, journalists, lawyers, and educational institutions” of more than 20 countries in North America, Europe, the Middle East, and Asia.

Up to 74% off NordVPN + 3 free months
NordVPN logo
Subscribe to NordVPN's 2-year plan and pay up to 74% less than you would with monthly billing and get three months for free.
Save Up to 74% on NordVPN

But it’s not just nations spying on others that is worrying, hackers acting alone also have interest in the private data of anonymous users – usually to sell it on online black markets – and fake software, including browser extensions, plays an important role here, too. In 2017 a single fake VPN app for iOS was downloaded enough times to make $80,000 in revenue for the perpetrators. And even before this it was discovered that dozens of the most popular apps in Apple’s App Store were vulnerable to Wi-Fi snooping. This is only looking at iOS, too, which is usually regarded as a safer mobile operating system. Google is making efforts to fight these toxic apps as well, as was proved by the massive cleanup of the Play Store in March 2017.

It’s all in your hands

Whenever it comes to mobile apps they’re either trustworthy or they’re not, but part of the problem is also people’s carelessness. It is true that many people are not privacy enthusiasts and have no interest in becoming so, which – however recommended it may be – is fine. And because of this they might blindly grant every permission to the apps they install, which makes it all the easier to fool. But, in some cases, it’s not necessary to be an expert figure out if an app is reliable or not. Why does a calculator app, for instance, need access to your camera, microphone or text message records? When permissions don’t make sense, it’s likely to be a fake app full of malware.

Having said that, being up-to-speed with the latest news about the cyber crime and paying careful attention to apps’ permissions is vital these days. Additionally, a VPN should be used to encrypt your data and remain invisible not only to hackers but to your ISP as well. In this case, it’s important to look for trustworthy providers, like the ones featured here on Best Reviews.


Best VPN services of 2025

Editor's choice
NordVPN logo
Editor's rating:
(4.5)
Intuitive multiplatform apps
Double VPN and P2P support
Plenty of security features
Large VPN network with consistent speeds
Security
Surfshark logo
Editor's rating:
(4)
Intuitive multiplatform apps
Double VPN
WireGuard protocol
Outstanding device support
Multi-device users
IPVanish logo
Editor's rating:
(4.5)
Unlimited devices
No-log policy
24/7 support
Reliable security tools
Gaming
ExpressVPN logo
Editor's rating:
(4)
Extensive device support
Exceptional speed
Intuitive apps
Convenient extras
Traveling
CyberGhost VPN logo
Editor's rating:
(4.5)
Suitable for all VPN users
Great security features
Seven simultaneous connections
24/7 customer support
Streaming
ZoogVPN logo
Editor's rating:
(4.5)
24/7 customer service
Competitive price
Good connection speed
Based in Greece
Torrenting
Private Internet Access logo
Editor's rating:
(4.5)
Unlimited devices
DNS leak protection
Suitable for all users
Completely customizable
Beginners
TunnelBear logo
Editor's rating:
(4)
Very easy and fun to use
Kill switch and traffic obfuscato
Browser extensions and Chrome blocker
Good speeds

User feedback

 Leave a reply

Your email address will not be published. Required fields are marked *


Best Reviews

Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.

©2012-2025 Best Reviews, a clovio brand – All rights reserved
Privacy policy · Cookie policy · Terms of use · Partnerships · Contact us