During April alone, we've already seen malicious versions of Angry Birds Space and Instagram in the wild. Both are Android apps that are really just malware designed to generate money from unsuspecting users by sending expensive international text messages. Now the same is happening with the popular Biophilla app.
Here's the official description of the app:
Biophilia is an extraordinary and innovative multimedia exploration of music, nature and technology by the musician Björk. Comprising a suite of original music and interactive, educational artworks and musical artifacts, Biophilia is released as ten in-app experiences that are accessed as you fly through a three-dimensional galaxy that accompanies the album’s theme song Cosmogony. All of the album’s songs are available inside Biophilia as interactive experiences: Crystalline, Virus, Moon, Thunderbolt, Sacrifice, Mutual Core, Hollow, Solstice, and Dark Matter.
Björk recently invited hackers and pirates to port her app from iOS to other platforms, but somehow I don't think Android malware is what she had in mind. Symantec identified the social engineering scam on third-party Android app download sites and described the malware as follows:
The app itself comes in two parts: the front-end, which has the ability to stream songs, and a background service with the name ‘Market’. Upon examination of the background service (designed to activate every time the phone starts) it appears to belong to the Android.Golddream family of threats. The authors of this family of threats are known to target third-party apps with malicious versions of popular apps, drawing revenue from premium SMS scams.
To reiterate, Biophilia is not available for Android. Some may have managed to port it illegally, but please beware that they may have included malware inside. If you want to get the official iOS version, get it from the official Apple App store. Here is the direct link: itunes.apple.com/app/bjork-biophilia/id434122935.
- Warning: Fake Instagram app on Android is malware
- Malicious version of Angry Birds Space spotted in the wild
- Android drive-by download attack via phishing SMS
- Researchers spot a fake version of Temple Run on Android's Market
- New variants of premium rate SMS trojan 'RuFraud' detected in the wild
- Android users hit by scareware scam