9:16 am (UTC-7) | by Bob Pan (Mobile Security Engineer)
Just days after its release on the Apple App Store, some sites are already offering their own dubious versions of Temple Run 2 for Android.
With 20 million downloads just 4 days after its release on the Apple App Store, Temple Run 2 is indeed highly-anticipated among Temple Run fans and gaming fanatics. While the Android version of the game is scheduled for release this Thursday, we already found certain websites peddling what appears to be Temple Run 2 for Android.
We downloaded a supposed Temple Run 2 app and analyzed it. Luckily, the apps (detected by Trend Micro as ANDROIDOS_FAKETEMPLRUN.A) do not exhibit any noteworthy malicious routines. However, they do send ad notifications to users. And to rub salt to wound, both apps do not run the actual Temple Run game.
We also noticed other sites that offer Temple Run 2. Looking closely at the description of one of these sites, the developer posted a disclaimer about the app. Though the site does not exhibit any harmful routine, the use of Temple Run 2 to persuade users to download the “wallpaper” app (some sites offer a puzzle app, among others) is quite suspect.
With these incidents, we may only be scratching the surface here. As the release date draws near, we may be seeing other fake and more harmful versions in the wild.
Popularity Can Be Dangerous
This is not the first time that certain suspicious developers piggyback on the popularity of Temple Run. Before it was even released for Android, we noted fake versions made available on the Android Market, which Google immediately removed. Other popular mobile apps like Instagram, Angry Birds, and Farm Frenzy also had their share of fake versions in the past.
In our Security Threat Predictions for 2013, we are expecting that volume of Android malware will hit 1 million. This is not a far-fetched idea, considering that the number of malicious and high-risk Android apps in 2012 reached to 350,000, which is beyond our projected increase of 100,000 in 2011.
It is common for suspicious developers and parties to use the name of popular apps as social engineering bait. As soon as new versions make headlines, expect that these guys are out there concocting their bogus versions. Thus, users must do a little bit of research before downloading any app. It is certainly helpful to check the page’s user comments section and review the developer’s reputation.
Trend Micro Mobile Security Personal Edition protects a user’s device by detecting these fake apps. To know more about Android-related threats and how to secure mobile devices, you can visit our Mobile Threat Information Hub.
To know more about our predictions for Android and the threat landscape, you may watch our interview with Chief Technology Officer Raimund Genes here.
Share this article