T1452 Manipulate App Store Rankings or Ratings
An adversary could use access to a compromised device’s credentials to attempt to manipulate app store rankings or ratings by triggering application downloads or posting fake reviews of applications. This technique likely requires privileged access (a rooted or jailbroken device).
| Item | Value |
|---|---|
| ID | T1452 |
| Sub-techniques | |
| Tactics | TA0034 |
| Platforms | Android, iOS |
| Version | 1.0 |
| Created | 25 October 2017 |
| Last Modified | 03 July 2019 |
Procedure Examples
| ID | Name | Description |
|---|---|---|
| S0293 | BrainTest | BrainTest provided capabilities that allowed developers to use compromised devices to post positive reviews on their own malicious applications as well as download other malicious applications they had submitted to the Play Store.1 |
| S0432 | Bread | Bread had many fake reviews and ratings on the Play Store.3 |
| S0322 | HummingBad | HummingBad can create fraudulent statistics inside the official Google Play Store.2 |
References
-
Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016. ↩
-
Dan Goodin. (2016, July 7). 10 million Android phones infected by all-powerful auto-rooting apps. Retrieved January 24, 2017. ↩
-
A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020. ↩