| Crédito | Fecha | Estado |
|---|
: Ensure you receive the push notification on your own device before completing a sale. Use Yape Empresa : For businesses, Yape Empresa
Proponents of Yape Falso Apk 2023 claim that it offers several benefits, including:
: Using these apps to deceive others constitutes fraud, a criminal offense that has led to numerous arrests in Peru. How to Protect Yourself To avoid falling victim to this scam, the official Yape Help Center recommends these steps: Check Your Own App
Granting permissions to these apps often means handing over your personal identity, location, and photos to cybercriminals. Legal and Ethical Consequences Yape Falso Apk 2023
Downloading third-party APKs from unverified sites can expose your device to malware, spyware, or data theft.
| Category | Observations | |----------|--------------| | | Most APKs are obfuscated with tools like ProGuard or DexGuard , making static analysis harder. | | Dynamic loading | Some use encrypted Dex files that are decrypted at runtime and loaded via DexClassLoader . | | C2 infrastructure | ‑ HTTPS endpoints under domains such as *.cloudfront.net , *.cdn77.com , or custom sub‑domains of free hosting providers (e.g., mycdn.xyz ). ‑ TLS certificates are often Let’s Encrypt with a short lifespan (30 days). | | Permissions | Requests SMS , READ_CONTACTS , READ_PHONE_STATE , WRITE_EXTERNAL_STORAGE , and SYSTEM_ALERT_WINDOW – far beyond what a legitimate payment app needs. | | UI mimicry | Replicates Yape’s splash screen, logo, and QR‑code scanner UI. Some include a “fake balance” screen that shows a fabricated amount (e.g., “S/ 5 000”) to build trust. | | Network behaviour | • Sends device identifiers (IMEI, Android ID) • Uploads contacts in CSV format • Posts login credentials to /api/login endpoints • Periodic “heartbeat” to /ping every 5 min. | | Anti‑analysis | Detects emulators , rooted devices , and debuggers ; will exit or display a benign “App is up‑to‑date” message if suspicious. | | Persistence | Registers a BootCompleted receiver; may also schedule a JobService to restart if killed. |
| Step | Action | Why | |------|--------|-----| | | Go to Settings → Apps → Yape Falso → Uninstall. If the uninstall button is disabled, boot the device in Safe Mode and try again. | Removes the malicious code. | | 2. Revoke permissions | In Settings → Apps → Yape Falso → Permissions → Deny all. (Optional if you cannot uninstall immediately.) | Stops data exfiltration while you arrange removal. | | 3. Revoke OAuth/Device authorisation | Log into your BCP online banking portal → Security → “Devices & Apps”. Revoke any unknown device or app. | Prevents attackers from using stolen tokens. | | 4. Change credentials | Reset your BCP password, update your Yape PIN, and request a new OTP method (e.g., hardware token). | Invalidates any credentials already captured. | | 5. Scan for additional payloads | Run a full device scan with a reputable mobile‑AV solution. Look for secondary APKs (e.g., adware, ransomware). | Detects hidden components that may have been installed. | | 6. Clean contacts & SMS | Delete any suspicious messages that contain download links. Notify friends who may have received the same link. | Prevents lateral spread. | | 7. Re‑install the official app | Download Yape only from the Google Play Store (or the official BCP website for Android APKs). Verify the package name and signature. | Restores a safe payment environment. | | 8. Report | File a report with BCP , Google Play Protect , and optionally the Peruvian National Police (Policía Nacional del Perú – Cibercrime Unit) . | Helps authorities track the distribution network. | : Ensure you receive the push notification on
| Recommendation | Rationale | |----------------|-----------| | – Google Play, Apple App Store, or the official BCP website. | Reduces risk of tampered binaries. | | Verify the app’s publisher – The legitimate Yape app is published by “Banco de Crédito del Perú”. | Counterfeit apps use similar names but different publishers. | | Enable two‑factor authentication (2FA) – If BCP offers token‑based or push‑notification 2FA, enable it. | Even if credentials are stolen, the attacker cannot complete a login without the second factor. | | Never share OTPs – BCP never asks you to provide an OTP to a third party. | OTP requests are a classic phishing lure. | | Beware of “free money” offers – Any claim that you’ll receive an instant credit for installing an app is a scam. | Social engineering tactic to increase downloads. | | Keep the OS and apps updated – Security patches often block known exploits used by malicious APKs. | Reduces attack surface. | | Use a mobile security app – Enable real‑time scanning and app‑verification features. | Provides an additional line of defence. | | Educate friends & family – Share a short warning about the Yape fake app, especially with older relatives who might be targeted. | Cuts the infection chain. |
The term "falsos" refers to fake or modified versions of legitimate apps. These apps often claim to offer additional features, benefits, or services not available in the official app. However, they usually come with significant risks, including financial loss, data theft, and security vulnerabilities.
: These files are distributed through unofficial channels like Telegram or Facebook groups. They often contain | | C2 infrastructure | ‑ HTTPS endpoints
If you are looking for secure ways to manage digital payments or collaborate on content, consider these verified platforms:
Use the official Yape app for verified transfers in Peru.