To increase their reach, the threat actors behind these apps employed various distribution channels, including optimizing the websites on Google’s search engine results pages (SERP). Additionally, they likely utilized social media platforms, instant messaging apps, emails, and other means to target potential victims.
Once a victim downloaded and installed one of these deceptive apps on their device, they would receive a message claiming that the app was unavailable in their region, along with an option to uninstall it quickly. However, the uninstallation process would never occur, leaving the app installed on the device without the user’s knowledge.
