BlackBerry says it doesn't know who is responsible for the campaigns but says it likely involves state-sponsored hacking groups. The report says one of the fake apps promised news about Kashmir. India imposed a security lockdown in August on the India-administered region, detaining thousands and cutting off telecommunications for days.
Other fake apps mimicked a pornography website, a dating chat service and a disaster relief organization called the Ansar Foundation. The apps often utilized Google's Android operating system and were distributed through email or on social media messaging services such as WhatsApp.
BlackBerry, a former mobile phone giant now shifted to the security business, says the campaigns reflect a global trend of hackers targeting mobile devices because people use them for work and in their personal lives.
"I don't think we saw examples where they were targeting specific individuals," said the company's Brian Robison. "It was more of a broad stroke." BlackBerry's report also outlines ongoing smartphone malware campaigns in other parts of the world in which hackers appear to be acting in the interests of the Chinese, Iranian, Vietnamese and North Korean governments. One common thread among the different campaigns: they interwove mobile malware into more conventional strategies targeting desktop computers.
Robison said many people have been falsely lulled into thinking their phones are more trustworthy. "We put a lot of trust in the public app stores to try to keep us safe," he said.