Nintendo, one of the most popular gaming companies of the past two decades, has finally released its first game exclusively for iOS, Apple’s mobile operating system. The game: Super Mario Run. The premise: the character Mario runs forward all the time while the user makes him jump around, stomp goombas (mushrooms), collect coins, and navigate all obstacles thrown his way. The reception: decidedly mixed, but mostly a success. And it is that exact sentiment that creates precisely the scenario cybercriminals live for. When there’s a hot new game that people can’t access on their own app stores, making them desperate for any version available, cybercriminals are off to the races, dashing to see who can first clone Super Mario Run for Android.
Often, when alternative versions of a popular yet unavailable game like Super Mario Run are created, they’re marketed to include secrets and add-ons, which is cybercriminal code for malware and ransomware. And while malware has not yet been detected in the fake “Mario Run Jumper” app that popped up, the Android app store still acted proactively and immediately suspended the knock-off.
Android’s preventative efforts seem to have done the job, for now at least, as no further reports of false apps have emerged. However, the real issue lies in the continual recurrence of this trend: the fake app ploy is not limited to just Super Mario Run. We’ve seen this before in 2016. Fake apps are a textbook tactic for cybercriminals wishing to lure in the relevant users. Crooks know how and when to capitalize on hot trends, and hope that users are willing to sacrifice their security to satisfy their eagerness to access the newest games and technology.
Unfortunately, those hopes do sometimes become a reality, as time and time again we’ve seen crooks deceive over-eager users into downloading fake apps that turn out to be malicious. Those false apps then turn around and infect the users’ devices with malware, occasionally even locking them with ransomware.
Therefore, to limit the impact of imposter Super Mario Run apps and all fake games to come, stay vigilant. Beyond Apple’s App Store and Google Play, we’re likely going to see loads of links for fake versions of the new gaming app on message boards and unscrupulous websites in the future, and it’s your job to not give in. That way, malware, and hopefully the fake app trend, will stop spreading.
For now, here are a few tips on how to detect and avoid cloned games in mobile app stores:
- Check out app reviews. Take to the reviews section in Apple’s App Store and Google Play. A real app will likely have thousands of (hopefully positive) reviews, while a fake one will likely have few to none.
- Leave it to the professionals. The best way to make sure the app is official is to check the publisher’s name, so simply double-check who published the app before you download it. Be careful, though: scammers will use names similar to the original. So even if a name is off by just one letter, remain cautious.
- Secure your phone. As fake apps continue to persist in both Google’s and Apple’s official app stores, make sure your mobile devices are prepared for any threat coming their way. Look into solutions like McAfee Mobile Security so that you can roam the internet, and app stores, securely on your device.