Phishing evolves beyond email to become latest Android app threat

February 17, 2025

Phishing has always been a multifaceted threat, but in the public perception it is usually tied to email. The stereotyped process is clear: a fraudster sends an email carrying a bogus message from a trusted company, which tricks the user into logging in to a fake web page and handing over their real login details. It is a classic piece of con artistry, and hopefully, after years of effort to promote cyber fraud education, most users are at least aware of the concept of email phishing. However, email is far from the only avenue a threat actor has to reach their targets.

Android phones, unlike tightly locked-down iOS phones, can install apps from outside their native app store with relative ease. There are advantages to this, but the major disadvantage is that it leaves them considerably more exposed to threat actors. Some threat actors exploit this openness through phishing apps. The basic idea behind a phishing app is the same as behind a phishing email: the goal is to trick the user into giving the threat actor their login information. Only the delivery method has changed.

These phishing apps take a few different forms. Some are copies of popular Android apps, such as TikTok, WhatsApp, or Spotify, which collect login information simply from users trying to log in to their favorite services. These copies are unlikely to be hosted on the Google Play Store and are probably served through some form of malvertising. Other phishing apps may seem more legitimate, taking the form of ordinary video games or utilities that present users with bogus requests to connect a separate social media account in order to harvest that account's login information. A third kind, potentially more dangerous than the others, does not use any in-app code to retrieve the data at all. Instead, it simply redirects the user from the app to an attacker-controlled website in an attempt to harvest login data. This is more dangerous because such applications look innocuous enough to be hosted on the Google Play Store.

These applications may seem simple, but they are quite dangerous. In 2024 alone, more than 22,800 phishing apps were detected on Android. Of these, 5,200 had functionality that could subvert multi-factor authentication by intercepting SMS messages, and another 4,800 could attempt the same by reading data from the notification bar. These capabilities make phishing apps extremely dangerous. To reduce risk, it is highly recommended that users obtain apps only from the Google Play Store, which takes steps to prevent malware from being distributed there.
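The two MFA-bypass capabilities described above, intercepting SMS and reading the notification bar, both leave a footprint in an app's AndroidManifest.xml: the SMS permissions it requests and any notification listener service it declares. The following Python script is an added example for defenders triaging sideloaded APKs; it is not code from the original article or from Blackwired. It parses a decoded manifest and reports those two capabilities. The manifest strings are constructed for the example; the permission and action names are the real Android identifiers.

```python
import xml.etree.ElementTree as ET

# Android attributes live in this XML namespace; ElementTree exposes them as "{ns}attr".
ANDROID_NS = "http://schemas.android.com/apk/res/android"
ATTR_NAME = f"{{{ANDROID_NS}}}name"
ATTR_PERMISSION = f"{{{ANDROID_NS}}}permission"

# Permissions that let an app read one-time codes delivered over SMS.
SMS_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
}

# A service bound with this permission (and this intent action) receives a copy
# of every notification the user sees, including SMS and authenticator codes.
NOTIFICATION_LISTENER_PERMISSION = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
NOTIFICATION_LISTENER_ACTION = "android.service.notification.NotificationListenerService"


def triage_manifest(manifest_xml: str) -> dict:
    """Return the MFA-relevant capabilities declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)

    requested = {el.get(ATTR_NAME) for el in root.iter("uses-permission")}
    sms = sorted(requested & SMS_PERMISSIONS)

    listener = False
    for svc in root.iter("service"):
        if svc.get(ATTR_PERMISSION) == NOTIFICATION_LISTENER_PERMISSION:
            listener = True
        for action in svc.iter("action"):
            if action.get(ATTR_NAME) == NOTIFICATION_LISTENER_ACTION:
                listener = True

    findings = []
    if sms:
        findings.append("requests SMS access: " + ", ".join(sms))
    if listener:
        findings.append("declares a notification listener service")

    return {
        "package": root.get("package"),
        "sms_permissions": sms,
        "notification_listener": listener,
        "findings": findings,
    }


# Constructed sample: a "puzzle game" that asks for SMS access and registers a
# notification listener. Package names are made up for the example.
SUSPICIOUS_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.puzzlegame">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <application android:label="Puzzle Game">
        <service android:name=".NotifService"
                 android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
            <intent-filter>
                <action android:name="android.service.notification.NotificationListenerService"/>
            </intent-filter>
        </service>
    </application>
</manifest>"""

# Constructed sample: a utility that only needs network access.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Flashlight"/>
</manifest>"""


if __name__ == "__main__":
    for manifest in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        result = triage_manifest(manifest)
        status = "REVIEW" if result["findings"] else "ok"
        print(f"{result['package']}: {status}")
        for finding in result["findings"]:
            print("  -", finding)
```

The script flags capability, not intent: a genuine SMS client or an accessibility helper declares the same things, so a hit should route the app to manual review rather than block it outright. The check also says nothing about the third category above, apps that only open a credential-harvesting page, which need no special permissions at all.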
