Security researchers have analyzed multiple fake Yape APKs. Here’s what they typically include:
| Component | Real Yape | Fake Yape | |-----------|-----------|------------| | Source | Google Play Store, iOS App Store | Unknown websites, Telegram, WhatsApp | | Digital signature | Signed by BCP | Self-signed or stolen | | Permissions | Contacts, camera, storage (minimal) | Overlay, accessibility, SMS read, install unknown apps | | Behavior | Payment processing | Keylogging, screen recording, forwarding SMS | | Payload | None | Banking trojan (e.g., Ermac, Ghimob, or WhatsApp stealer) |
Concrete dangers:
Even if you’re tempted, look for these red flags:
A YouTube video shows a modified Yape with “unlimited sending.” After download, the app asks for “accessibility permission” – then silently transfers your real balance to the scammer when you try to send S/ 10. Yape Fake App Descargar
If you installed an APK from an unknown source claiming to be a fake or modded version of Yape:
Esta APK se ve idéntica a la app real. Al abrirla, te pide tu número de DNI, celular y clave de acceso. En realidad, no se conecta a los servidores de Yape. Simplemente envía tus credenciales a un servidor controlado por ciberdelincuentes. En menos de 5 minutos, vacían tus cuentas vinculadas. Security researchers have analyzed multiple fake Yape APKs
Fake apps rarely succeed on the official Google Play Store or Apple App Store due to rigorous vetting processes. They rely on Side-loading and Social Engineering.