Attack of the Clones

As an evolution of phishing, attackers often download & clone legitimate mobile apps, repackage them with malicious code or Ad libraries, and submit them to domestic and international 3rd party stores. In fact, there are numerous products on the market to automatically clone a legitimate app with a touch of a button. Victims who download cloned apps often can’t tell the difference between a clone & legitimate app, as they often look the same, behave the same, and operate the same (where the cloned app contains malicious code under the attacker’s control).

CloneWatch

Data Theorem’s platform will monitor hundreds of domestic & international 3rd party app stores throughout the world, as well as the App Store, Google Play, Amazon App Store for Android, and Window Mobile. If your app has been cloned, or its logo or trademark is being abused, alerts will be sent to the security and legal team right away.

How bad is this problem? Below are a few articles of apps being cloned for state-sponsored surveillance (WhatsApp and Signal) and Google Play refusing to take down another:
Signal & WhatsApp get Cloned
Google Play won’t remove a cloned App > 5M downloads