Almost exactly two months ago, we reported on some fake apps found in the Windows Phone Store. Unfortunately, the news hasn’t stopped there – instead, it seems that this third-party app store is becoming an increasingly popular platform for the bad guys. Today, we‘ve uncovered quite a large set of fake apps which includes scams imitating legitimate popular apps such as Facebook Messenger, CNN, BBC, and WhatsApp.

Fake apps advertised by Ngetich Walter on the Windows Phone Store.

There are two perpetrators behind these fake apps: Ngetich Walter and Cheruiyot Dennis. Between the two of them, they have 58 different apps available in the Windows Phone Store, all of which are fake. The majority of the apps have certain things in common — they collect basic data about users and display various advertisements that are mostly driven by a user’s location. A portion of the apps try to lead users to pages that force them to submit a request to purchase something. Let’s take a closer look at two of them:

1. World News CNN (a.k.a. Abundant Life): What first appears to be a CNN World News app is actually an evangelical message titled “Abundant Life“.

2. Fake Avast Antivirus: Along with the illegitimate social and news apps we discovered, there were even fake Avast apps added into the mix. Fortunately, each of the fake Avast apps are harmless and don’t accomplish anything more else then redirecting users to Avast’s website and displaying advertisements to the user.

Money, money, money

It’s fairly obvious that hackers don’t do this sort of thing for free. After looking into monetization methods, it appears that hackers are primarly using two ways to profit from producing and circulating fake apps on a large scale:

1. Advertisement clicks: Apps load different kinds of advertisement kits, which are clicked either by the user or, in some cases, the app itself. Theoretically, the bigger the number of apps that you advertise on an app store, the larger number of clicks you would receive – another reason that hackers often offer a large number of fake apps at once.

2. Misleading advertisements: Certain ad servers are remotely controlled, giving them the power to switch different advertisements on and off. In some cases, those ads lead to scammy pages that try to convince you that your device has security issues and that you need to install some other paid product to fix it.

What is the motivation behind propogating fake apps?

These days, the Google Play store and iTunes continue to implement smarter solutions to protect their entire ecosystems. This approach is making these systems quite difficult to attack and monetize, causing hackers to avoid them altogether. As a result, a less widely used, third-party app store such as the Windows Phone Store is an ideal place for a hacker to hunt for security loopholes. On top of analyzing the reasons behind why these cybercriminals do what they do, it’s also interesting to consider the fact that often, fake apps remain on third-party app stores for weeks and even months at a time. For some reason, no one takes the time to report bad apps, even if it’s clear that they are fake and the majority of user reviews are extremely negative.

Follow Avast on Facebook, Twitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.