Ridesharing behemoth, OLA,
tackles fake apps using XVigil
Ridesharing apps have become a part of everyday life, and hence serve as fertile ground for scammers, to exploit users via these apps. They usually do this by publishing applications, belonging to a reputed company, on third party app stores. This a threat because third party app stores don’t maintain the security standards enforced by official app distributors such as Google Play Store or Apple’s app store.
There have been multiple cases where threat actors have modified legitimate applications by injecting malicious code in them, and uploading them to third party app stores such as APKMonk. When unsuspecting users download the modified app, it infects their devices. Scammers also upload multiple older versions of apps that have vulnerabilities, which have been remediated by the app company, in subsequent releases.
OLA engaged CloudSEK to combat the threat of multiple versions of their app, being made available on third part app stores.
CloudSEK’s XVigil monitors third party app stores that have a history of weak security practices, or are known to distribute malicious apps. In the case of OLA, XVigil performed customized discovery of OLA apps that were published in third party app stores. Other than older versions of the OLA app, XVigil also checked for apps mimicking the official OLA app. The AI powered engine processed this raw data to discard duplicates and false positives. The discovered apps were then analyzed, rated based on the threat level, and taken down promptly, to ensure users are not affected.
OLA is ridesharing service that users avail only via the OLA app. Hence, it is of utmost importance that users trust the app, on which they share their locations and payment details. With XVigil, OLA is able to detect the presence of older versions of the app, and fake apps mimicking the official app, across third party app stores. In such situations, time is of the essence. So, with XVigil’s AI powered engine, OLA receives real-time alerts, giving them enough time to take down the fake apps, it can affect their users.