Shortly after we reported on a fake Temple Run app in the Android Market, we were alerted to yet another developer using popular apps as a guise to trick users into downloading rogue apps.
Here, you can see the developer’s name, which appears quite similar to that of the developer of the popular game Angry Birds. You’ll notice, though, that the game itself is not on the list of apps this developer offers.
Looking closely, the developer is not really Rovio Mobile Ltd, the Angry Birds developer. The “L” in the word “Mobile” is actually an “I”, so if we spell the developer’s name in all lowercase letters, it reads “rovio mobiie ltd”.
It is quite tricky and easy to miss. Users would really have to check the developer’s name closely on the “More from developer” tab to see the real name.
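As an added illustration (not part of the original report), an app-vetting script could flag this kind of publisher-name imitation as follows. The trusted list, the confusable-character map, the distance threshold and the function names are assumptions chosen for the example.

```python
# Added example: flag publisher names that imitate a trusted publisher.
# TRUSTED and CONFUSABLE are illustrative assumptions, not complete lists.
TRUSTED = ["Rovio Mobile Ltd"]

# Characters that render like another character in common UI fonts.
CONFUSABLE = str.maketrans({"I": "l", "|": "l", "1": "l", "0": "o"})


def skeleton(name: str) -> str:
    """Collapse confusable characters, then ignore case and extra spacing."""
    return " ".join(name.translate(CONFUSABLE).casefold().split())


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(name: str, trusted=TRUSTED, max_distance: int = 2):
    """Return (verdict, trusted_name_it_resembles_or_None)."""
    if name in trusted:
        return ("exact", name)
    for good in trusted:
        if skeleton(name) == skeleton(good):
            # Identical once confusables and case are folded away.
            return ("lookalike", good)
        if edit_distance(skeleton(name), skeleton(good)) <= max_distance:
            # Differs by only a character or two, as "mobiie" vs "mobile".
            return ("near-match", good)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample names; the third is the lowercase form quoted above.
    for n in ["Rovio Mobile Ltd", "Rovio MobiIe Ltd", "rovio mobiie ltd",
              "Example Games Inc"]:
        print(f"{n!r:22} -> {classify(n)}")
```

Anything other than "exact" or "unrelated" is worth a manual look at the publisher's other listings before the name is trusted.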
The names and icons used for the apps were taken from other existing apps. Once the user tries to install any of the apps listed under “rovio mobiie ltd”, the app displays an image (also taken from the original app) that has been modified to include text telling the user to click a link in order to complete the installation process.
The link leads to a web page with a form that the user needs to fill out to unlock the “full version”. However, it ends up redirecting users to advertisements, which is similar to what the fake Temple Run app did in our previous report.
App stores ideally create a more secure environment for mobile users, where they can choose from pre-checked applications to download onto their devices. This works very well for users, as they are able to rely on the “reputation system” built into the app store to find good and popular apps.
However, it seems that cybercriminals are now learning to game the app stores’ reputation system. The popularity of the game Temple Run was used to trick users before, and this time, the reputation of the app developer Rovio Mobile Ltd. was used. We expect that more cybercriminals will continue with this method, so it is very important for users to be informed of how they can avoid being victimized.
Read our entry, Checking the Legitimacy of Android Apps, to learn more about installing apps onto Android-based devices, or visit our Mobile Threat Information Hub for more tips on keeping your mobile devices safe.
Trend Micro already detects the apps shown above as ANDROIDOS_FAKECLICK.ER. The said apps have already been taken off the Android Market.