Cybercriminals are unleashing a fresh wave of malicious apps designed to steal your most sensitive information—and they’re getting smarter by the day.

“The landscape of mobile security is changing rapidly,” warns William Petherbridge, Manager of Systems Engineering at Fortinet. “Fake apps and malicious updates are now among the most serious threats facing smartphone users.”

The tactics employed by these digital predators are increasingly sophisticated. Last year for example, Google was forced to crack down on rogue apps posing as legitimate apps in its Play store, with fake apps often masquerading as trusted brands like Instagram, Snapchat, WhatsApp, and X. Even more insidious are malicious “updates” that can turn your phone into a spy in your pocket.

One such threat is the “Antidot” Android Banking Trojan. This malware disguises itself as a legitimate Google Play update but can secretly log your keystrokes, potentially stealing passwords, credit card numbers, and other sensitive data.

“If malware infects your phone,” Petherbridge cautions, “you have to assume that all data on the device is compromised. This includes your banking apps and even virtual card information.”

How to spot and avoid fake apps

• Stick to official sources: Always download apps from the Google Play Store. Third-party app stores are far more likely to host malicious software.
• Check the developer: Look at the app’s developer information. Reputable companies will have a consistent naming convention and website link.
• Read reviews carefully: Be wary of apps with few reviews or many that sound suspiciously similar. Fake reviews are a common tactic used by scammers.
• Examine permissions: Does a simple game really need access to your contacts or camera? Be sceptical of apps requesting excessive permissions.
• Watch for red flags: Poor grammar in descriptions, low-quality graphics, or promised features that seem too good to be true are all warning signs.

“Vigilance is key. Cybercriminals are constantly evolving their tactics. Users need to stay informed and cautious,” says Petherbridge.

Reduce the risk

Beyond identifying fake apps, Petherbridge outlines additional steps to protect your device:

• Install operating system updates promptly
• Use a reputable mobile anti-virus solution
• Consider encrypted cloud backups for your data
• Be wary of phishing attempts via email, text, or phone calls
• Avoid using public Wi-Fi without a VPN

Also avoid “rooting” your device. Rooting (sometimes called “jailbreaking” for iPhones) gives you administrative access to your device’s operating system. While this allows for greater customisation, it also bypasses many built-in security features, potentially exposing your device to increased risks.

Stay informed, stay cautious

“Mobile phones have become central to how we work, communicate, and manage our lives,” Petherbridge notes. “This makes them an incredibly attractive target for cybercriminals. By following these best practices, users can significantly reduce their risk of falling victim to malicious apps and other mobile threats.”

As our reliance on smartphones continues to grow, so too does the importance of mobile security. The battle against malicious apps is ongoing, with cybercriminals constantly devising new ways to exploit our devices.

“Stay informed, stay cautious, and remember that your best defence is your own awareness,” he stresses. “Treat your smartphone security with the same seriousness you would your home or personal computer. In the digital age, your mobile device is often the key to your entire online life – safeguard it accordingly, ” he concludes.