Geeks for your information

Avast Blog_Threat Research: Fake mobile CCleaner app sneaked into the China Baidu app - harlan4096 - 05 March 19

Quote:

Fake CCleaner app loaded with adware

Recently, Avast has discovered that a new fake mobile CCleaner app has been published in the China Baidu App Store (百度手机助手) and it’s specified as Certified Official Version (官方版).

This caught our eye because Avast hasn’t published any official versions of the CCleaner app in the Baidu App Store -- and the story begins.

The Baidu App Store

You can clearly see how this fake CCleaner app is being described on the web page and trying to trick users into downloading it.  It is being presented as the Certified Official Version (官方版). It also has a Chinese title which makes it appear to be official in the Baidu App Store.  One noticeable flaw, however, is in how they incorrectly categorized it under “办公学习 (office learning utilities).”  Another red flag is that it is receiving bad scores whereas, in other app stores around the world, CCleaner has top scores.


Analyzing the fake app with apklab.io

With Avast’s latest mobile threat intelligence platform, apklab.io, researchers can easily see the difference between this fake app and the genuine CCleaner app without trying to reverse engineer the app.

Comparing basic app metadata

First, you quickly notice two things:  1) the fake app is repackaged with a different app name (CCleaner垃圾清理) and a different package name (com.star.ccleaner) and 2) one extra service was introduced with the fake app.
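
The metadata comparison described in the quoted post can be reproduced on decoded manifests. The following is an added example, not code from Avast, apklab.io or the post: it diffs the package name, app label and declared components of a reference app against a suspect one. Both manifests are constructed samples; only com.star.ccleaner and the app name CCleaner垃圾清理 come from the post, and the reference package and the extra service name are placeholders.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "service", "receiver", "provider")

# Constructed, already-decoded manifests. Labels are assumed to be resolved to
# literal strings; the reference package and ExtraService are placeholders.
GENUINE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.genuine">
  <application android:label="CCleaner">
    <activity android:name=".MainActivity"/>
    <service android:name=".CleanService"/>
  </application>
</manifest>"""

SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.star.ccleaner">
  <application android:label="CCleaner垃圾清理">
    <activity android:name=".MainActivity"/>
    <service android:name=".CleanService"/>
    <service android:name="com.example.placeholder.ExtraService"/>
  </application>
</manifest>"""

def summarize(manifest_xml):
    """Extract package, label and per-type component names from a manifest."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    components = {}
    for kind in COMPONENTS:
        names = set()
        for el in app.findall(kind):
            name = el.get(ANDROID + "name", "")
            # Make names package-relative so a renamed package alone is not noise.
            if name.startswith(package + "."):
                name = name[len(package):]
            names.add(name)
        components[kind] = names
    return {"package": package, "label": app.get(ANDROID + "label"), "components": components}

def compare(reference_xml, suspect_xml):
    """Return (field, reference_value, suspect_value) tuples for each difference."""
    ref, sus = summarize(reference_xml), summarize(suspect_xml)
    findings = [(f, ref[f], sus[f]) for f in ("package", "label") if ref[f] != sus[f]]
    for kind in COMPONENTS:
        for name in sorted(sus["components"][kind] - ref["components"][kind]):
            findings.append(("extra " + kind, None, name))
    return findings
```

Calling `compare(GENUINE, SUSPECT)` yields three findings on the sample data: a changed package name, a changed label and one service present only in the suspect manifest.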