
Android.FakeApp

Android.FakeApp is a family of fake Android applications used by cybercriminals in fraudulent schemes. According to the available reporting, these apps typically do not deliver their declared functionality and instead load websites hardcoded in their settings or otherwise redirect users to various sites. Reported destinations include fraudulent and malicious websites, phishing pages, bookmaker sites, and online casino sites. Some samples were disguised as finance-related software, while others appeared as games. Doctor Web reported Android.FakeApp as one of the most widespread Android threat families in 2025 and Q3 2025, and also identified new Android.FakeApp samples on Google Play in Q3 and Q4 2025, including apps posing as financial applications and games that under certain conditions loaded fraudulent or gambling-related websites. The reporting associates the family with general cybercriminal fraud activity rather than a specific named threat actor. It provides no specific indicators of compromise beyond the family behavior and naming.
