A new report from mobile application security provider Appknox reveals a troubling trend where malicious apps are masquerading as trusted brands like ChatGPT, DALL·E, and WhatsApp.
Appknox’s investigation, which focused on US-based third-party app stores, found that these app clones range from harmless unofficial interfaces to full-scale surveillance tools. More importantly, these fakes are currently available to US users through these alternative stores.
The Advertising Deception
One such app, named DALL·E 3 AI Image Generator, was found on the Aptoide store. Appknox researchers determined that this app pretends to be an image-generation tool from OpenAI, but it has no actual AI capability.
Instead, its code only connects to advertising networks like Unity Ads, AppsFlyer, Adjust, and Bigo Ads. The app displays a fake loading screen that looks like an image is being generated, but network logs confirm it is just loading advertisements in disguise.
“It’s not malware in the strict sense,” said Abhinav Vasisth, Lead Security Researcher at Appknox. Instead, “it is a commercial parasite that profits from deception. It sells ad impressions, not intelligence.”
Further probing revealed that this application was likely built using commercial templates from a developer known for reusing code across many fake app listings.
Spyware Hidden Behind a Chat Icon
The most serious threat is WhatsApp Plus. Disguised as an upgraded messenger, this app is a complete spyware framework. After installation, it silently requests broad permissions, including access to contacts, SMS, and device accounts. This access allows the app to intercept crucial data like one-time passwords (OTPs).
Apart from simple privacy invasion, the extensive permissions grant the spyware the power to intercept banking verification codes and execute identity fraud. In short, it doesn’t just steal information; it effectively steals a person’s digital identity and financial access.
For companies, spyware like WhatsApp Plus creates a systemic enterprise threat. It can steal multi-factor authentication codes and infiltrate corporate accounts. In regulated sectors (Finance, Healthcare), these risks massive compliance failures under frameworks like GDPR, HIPAA, and PCI-DSS, resulting in hefty fines, the report reads.
The Grey Area: Harmless Wrappers
However, researchers found that not all cloned apps are harmful. For instance, the ChatGPT Wrapper app was an authentic, unofficial interface that genuinely connected to the OpenAI API for chat requests, with no hidden malicious code.
This app actually sits in a “grey zone” of convenience as it is “not endorsed by OpenAI, but not deceptive either,” researchers noted in the blog post shared exclusively with Hackread.com.
These findings are alarming because they prove how easily users can be tricked by the AI hype. Given their diversity in deception, from simple ad traps to dangerous spyware, it becomes essential for users to be careful about where they download their apps from.
