The UAE Cybersecurity Council has warned against the growing risks posed by fake applications, urging users to exercise caution when downloading software onto their devices. The council stressed that such applications can act as gateways for data theft, fraud, and cyber extortion.
According to the council, avoiding the download and use of suspicious or unverified applications is a key step in reducing exposure to cyber threats and preventing fraudsters from accessing sensitive personal data.
Fake applications, it noted, have emerged as one of the most dangerous tools of cybercrime, targeting both individuals and organisations. Their threat extends beyond data theft, often involving the manipulation of victims and subsequent blackmail after gaining access to sensitive information, images, or financial data—frequently exploiting the trust of users who fail to verify app authenticity.
The council highlighted that fake apps have become increasingly sophisticated, with cybercriminals closely replicating the interfaces of legitimate applications. They often use nearly identical names and logos, making detection difficult even for experienced users. Estimates indicate that more than 85% of such applications impersonate well-known platforms, making identification a significant challenge.
In 2025 alone, around 73% of organisations worldwide were exposed to some form of cyber fraud involving fake applications and other malicious digital tools. The scale of the threat is further illustrated by the discovery of more than 200 fake apps on Google Play Store, which were downloaded over 40 million times before being identified and removed.
How to Identify Fake Applications
The council outlined several key indicators that can help users distinguish between genuine and fake apps—factors often overlooked.
First, users should verify the developer’s identity. Legitimate applications are typically published by well-known companies or verified developers, whereas fake apps often use obscure or slightly altered names resembling the original.
Logos and branding also provide important clues. While fake apps may appear identical at first glance, closer inspection often reveals subtle differences in colour, resolution, or design.
User reviews and ratings can serve as another warning sign. Fake apps frequently feature overly positive or repetitive reviews, or conversely, multiple complaints about malfunctions and unjustified permission requests.
Permissions themselves are a critical red flag. Applications requesting access to photos, camera, location, or contacts without a clear reason should be treated with suspicion. Additionally, update history can indicate credibility—legitimate apps are regularly updated, while fake ones often lack consistent updates or have very recent release dates with no track record.
Rising Threat of “Wiper” Malware
In a related warning, the council highlighted the increasing threat of destructive cyberattacks known as “Wiper Malware,” which are designed to erase or damage data and disrupt systems and services.
Unlike traditional cyberattacks focused on data theft or unauthorised access, these attacks aim to cause widespread disruption within targeted digital environments. Such malware can delete files, damage systems, and halt operations, leading to prolonged downtime and delayed recovery.
The council warned that the impact of these attacks can be severe for both individuals—through the loss of critical personal data—and organisations, where operational systems and services may be significantly disrupted. The risks are particularly high in environments lacking reliable, tested backup systems or clear incident response plans.
To mitigate these threats, the council emphasised the importance of basic cybersecurity practices. These include regularly updating systems and software, addressing security vulnerabilities, exercising caution when dealing with suspicious links or attachments, and maintaining secure, separate, and regularly tested data backups.
It also stressed the need to enhance overall cyber readiness by adopting safe digital behaviours, implementing effective response strategies, and continuously monitoring systems for unusual activity. Raising awareness about evolving cyber threats remains essential, as destructive cyberattacks can affect not only technical infrastructure but also everyday digital usage and business continuity.
The council reaffirmed that prevention and preparedness are the first line of defence against such threats, urging individuals and organisations alike to strengthen data protection measures and adopt proactive cybersecurity practices to ensure resilience in an increasingly complex digital landscape.
