AntiMalwareJuly 14, 2026🇷🇺Translated from Russian

Generative AI Can Clone and Modify Android Apps for as Little as 88 Kopecks, Positive Technologies Warns

Specialists at Positive Technologies have shown that modern generative AI systems can rapidly create functional clones of Android applications at minimal cost, significantly lowering the entry threshold for potential attackers.

In a controlled experiment, researchers tested 90 popular applications across multiple categories. Instead of injecting malicious code, they instructed the AI models to make neutral modifications, reassemble the APK packages, and verify whether the altered apps remained operational. The results proved concerning for the security community.

Closed commercial models successfully completed the task in 84% of attempts, while models with open weights achieved a 61% success rate. On average, the AI required 14 iterations and between five and a half to nine minutes to produce a working modified version. The final cost per successful outcome ranged from 0.88 to 40.89 rubles, depending on the model and number of attempts.

These figures imply that a determined actor could attempt to modify approximately one hundred widely used applications for only a few thousand rubles. In real-world scenarios, the same process could be used to insert data-stealing functionality, change application behavior, or establish communication with external servers controlled by attackers.

The resulting counterfeit builds are easy to promote as official updates, improved versions, or applications unavailable in the Google Play store. Distribution channels include third-party app catalogs, websites, messaging platforms, and specialized online communities. Users who regularly sideload APK files from untrusted sources are particularly exposed.

Lowering the Barrier for App Modification Attacks

Positive Technologies emphasizes that generative AI has not invented a fundamentally new attack technique. Instead, it has automated and accelerated the labor-intensive process of reverse engineering and code modification that previously demanded considerable time and specialized expertise.

Developers are advised to implement stronger code protection mechanisms against analysis and tampering, actively monitor the appearance of unofficial builds, and integrate security considerations from the earliest stages of application design. Without such measures, malicious clones may appear faster than legitimate teams can release patches.