Automated mobile application threat intelligence tool. Scans for impersonating, copycat, or fraudulent apps targeting specific brands or organizations.

shamo0/mobthreat

Mobthreat

Mobile App Impersonation & Threat Intelligence Scanner

mobthreat is an automated mobile threat intelligence tool that continuously scans both Google Play and the Apple App Store for impersonating, copycat, or fraudulent apps targeting specific brands or organizations. It helps security teams and digital brand protection units detect potential brand abuse, malware distribution, and phishing through fake apps.

Features

  • Queries both Play Store and App Store APIs
  • Compares app names, developers, packages, and keywords in descriptions
  • Fine-tune sensitivity (fuzzy name match, overall score, description bonus, etc.)
  • Remembers previously seen apps, only reports new suspicious results
  • Slack and Discord webhook integration (stdout fallback by default)
  • Extendable to icon similarity via perceptual hashing (pHash)
  • Add multiple targets, keywords, and known legitimate apps

Installation

git clone https://github.com/shamo0/mobthreat.git
cd mobthreat
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt

Configuration

All configuration is handled through config.yml:

poll_interval_minutes: 60

thresholds:
  name_fuzzy: 55
  package_exact: true
  icon_phash_distance: 8
  overall_score: 50
  description_weight: 15
  description_bonus: 20
  ocr_weight: 10
  brand_keywords:
    - "OpenAI"
    - "ChatGPT"

targets:
  - id: ChatGPT
    company_name: "OpenAI"
    keywords:
      - "ChatGPT"
      - "OpenAI"
    known_apps:
      - name: "ChatGPT"
        platform: android
        package: "com.openai.chatgpt"
      - name: "ChatGPT"
        platform: ios
        bundle: "id6448311069"

notifications:
  slack_webhook: null
  discord_webhook: null
  extra_recipients: []

logging:
  level: INFO
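
How thresholds like these can combine into a report decision, shown as an added example that is not mobthreat's own code. The scoring formula, the use of difflib for fuzzy matching, the function names and the sample listings are assumptions made for illustration.

```python
from difflib import SequenceMatcher

# Values copied from the config.yml above; how they combine is an assumption.
T = {"name_fuzzy": 55, "overall_score": 50, "description_weight": 15, "description_bonus": 20}
KEYWORDS = ["ChatGPT", "OpenAI"]
KNOWN_IDS = {"com.openai.chatgpt", "id6448311069"}  # known_apps package / bundle


def name_similarity(a, b):
    """0-100 similarity of two names (difflib stands in for a fuzzy matcher)."""
    return round(100 * SequenceMatcher(None, a.lower(), b.lower()).ratio())


def score_app(app, seen):
    """Return (score, reasons, report) for one store listing.

    Assumed formula: the best name similarity counts only once it reaches
    name_fuzzy; each brand keyword found in the description adds
    description_weight, capped at description_bonus.
    """
    if app["id"] in KNOWN_IDS:  # exact identifier match: the legitimate app
        return 0, ["known legitimate app"], False
    reasons = []
    sim = max(name_similarity(app["name"], k) for k in KEYWORDS)
    score = sim if sim >= T["name_fuzzy"] else 0
    if score:
        reasons.append(f"name similarity {sim}")
    hits = [k for k in KEYWORDS if k.lower() in app["description"].lower()]
    bonus = min(len(hits) * T["description_weight"], T["description_bonus"])
    if bonus:
        score += bonus
        reasons.append("description mentions " + ", ".join(hits))
    score = min(score, 100)
    # Report only new listings, so a repeat poll stays quiet.
    report = score >= T["overall_score"] and app["id"] not in seen
    if report:
        seen.add(app["id"])
    return score, reasons, report


# Constructed sample listings (not real store data).
SAMPLES = [
    {"id": "com.openai.chatgpt", "name": "ChatGPT", "description": "Official app"},
    {"id": "com.example.chatgtp", "name": "ChatGTP", "description": "Chat powered by OpenAI"},
    {"id": "com.example.helper", "name": "AI Helper", "description": "Uses ChatGPT and OpenAI"},
]

if __name__ == "__main__":
    seen = set()
    for app in SAMPLES * 2:  # second pass shows that seen apps are not re-reported
        print(app["id"], score_app(app, seen))
```

Under this formula a listing that only mentions the brand in its description stays below overall_score, while a near-miss name plus a keyword hit crosses it; lowering name_fuzzy widens the net at the cost of more false positives.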

Usage

One-time scan:

python -m src.mobthreat.main --config config.yml --once

Continuous monitoring:

python -m src.mobthreat.main --config config.yml

Contributing

Contributions are welcome :)
