Fake Mobile App: How Is Your Clone on the App Store Stealing Your Users?

This report explains how fake mobile apps (repackaged, UI-clones, and typosquat variants) impersonate legitimate apps to harvest credentials, bypass MFA, exfiltrate sensitive data (including cryptocurrency seed phrases via OCR), and deliver additional malware. It documents attacker techniques, distribution channels, a large 2024 SpyAgent campaign deploying 280+ fake apps, detection strategies, and a 12-point defense checklist for organizations.