We’re seeing more and more scams on the Android Market. Last week, we wrote about a developer that uses popular app names to trick users into downloading fake ones. Before that, we saw a fake Temple Run app making the rounds on the Android Market. This time, we saw 37 more apps that share a similar behavior as the previously reported ones. These are “fan apps,” which means that these aren’t the real game created by the original developer.
I noticed something odd just by looking at the fan apps’ web page. The developer’s website leads to dead links such as a.com site and a misspelled Google domain (it was spelled googel.com).
Another thing I noticed was that all the listed apps have the same screenshot. Once installed, the app forces the user to share it on Facebook (if installed) and give it a rating on the Android Market. It also aggressively displays ads as notifications and creates shortcuts on the infected device’s home screen.
The bigger problem, however, lies in the fact that the apps send sensitive information to particular remote servers. The information that gets sent out includes its OS version, International Mobile Equipment Identity (IMEI), and phone number, to name a few. Once any of these apps are run, the aforementioned information are immediately sent to the servers.
There is an option to stop the advertisements. However, users are likely to miss and ignore it since it’s hidden in the app’s description page on the site.
Never Shun the Opt-out Option
We took the initiative and reported these apps to Google a few days ago. They responded positively and took them off the Android Market.
However, the apps being taken off the Android Market does not eliminate this threat entirely. Cybercriminals can still choose to upload them to other sites such as third-party app stores, forums, and others. Nonetheless, regardless of where cybercriminals upload them, Trend Micro will still detect them as ANDROIDOS_FAKEAPP.SM.
Quite obviously, this trend of apps being equipped with aggressive advertising methods — especially those related to search monetization — will be seen for quite a while. Thus, users are advised to be extra careful when installing apps. To read more about this, users may refer to our previous blog entry Search Monetization as a New Threat to the Mobile Platform.
Trend Micro already protects against this threat. However, user education is still valuable in protecting your mobile devices from such attacks. Users may read more about mobile threats and tips on how to protect their mobile devices thru our Mobile Threat Information Hub.