BEWARE - Rogue Android apps flood into alternative markets

BEWARE - Rogue Android apps flood into alternative markets

Summary: Send premium rate text messages to get free software.

SHARE:
TOPICS: Apps, Android
10

Android users beware ... the bad guys are now building convincing-looking Android markets pushing rogue Android apps and malware.

According to security firm Webroot, a lot of effort has been put into these sites.

These well-crafted websites follow a similar layout; they have device reviews, app descriptions with screenshots, QR Codes and FAQs. So far, we've only found these websites aimed at Russian users, with the web pages written in Russian. The descriptions are similar to those in the Android Market and the screenshots appear to be taken from the market. We are discovering that this network of SMS Trojans is fairly large.

These Trojans, which Webroot is calling Android.SMS.FakeInst, come in a number of variants but all have one purpose - to scam unwitting users into sending three premium rate text messages in exchange for an app.

The catch ... most of the apps are either available for free from the Google Android Marketplace or are fake apps which don't work. These apps also ask for a whole range of permissions - READ_PHONE_STATE, SEND_SMS, RECEIVE_SMS and INTERNET - which would essentially given then access to the whole handset.

Be careful out there!

Related:

Topics: Apps, Android

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

10 comments
Log in or register to join the discussion
  • Rule#1: Stay in the Android Marketplace

    Stray from there and you are 'on your own'.
    Dietrich T. Schmitz *Your
    • RE: BEWARE - Rogue Android apps flood into alternative markets

      @Dietrich T. Schmitz * Your Linux Advocate And how is this different from a walled garden? Oh, that's right. You can expect to find malware on the Android market as well. So much for "open".
      ssaha
      • RE: BEWARE - Rogue Android apps flood into alternative markets

        @ssaha There's no "wall". There's only a sign at the boundary that says "Beyond this point there be dragons."

        Are you really embracing and cheering the idea that someone else decides what you can do on your own hardware?
        jgm@...
      • RE: BEWARE - Rogue Android apps flood into alternative markets

        @jgm@... Don't think he/she is saying that all, just pointing out the hypocrisy and has a very valid point.
        non-biased
    • RE: BEWARE - Rogue Android apps flood into alternative markets

      @Dietrich T. Schmitz * Your Linux Advocate
      That sounds an awful lot like the Apple model. Having used iPhones in the past and being on an Android phone now, I have to say the iControlled, iConsistent, iEffective, and iSimple world something I miss. Now that the iPhone has come to Sprint it's no big feat to see what my next upgrade (eligible in late 2012) will be.
      use_what_works_4_U
    • That doesn't do diddly

      @Dietrich T. Schmitz * Your Linux Advocate

      From the article:

      "The catch ??? most of the apps are either available for free from the Google Android Marketplace or are fake apps which don???t work."

      Staying within the Google Android Marketplace is NOT an effective security measure. This has been proven many times in the last year or two!

      J.Ja
      Justin James
      • RE: BEWARE - Rogue Android apps flood into alternative markets

        @Justin James It's more effective than using one of these alternative markets, isn't it? In one, if there's malware, Google will remove it. In the other, it's ALL malware, and they're certainly not going to remove any of it.
        jgm@...
      • Not necessarily

        @Justin James

        Amazon runs an app market, I am sure that they curate it as well. All the same, Dietrich's suggestion that all you need to do is stick with the "official" marketplace simply does not bear scrutiny.

        J.Ja
        Justin James
    • RE: BEWARE - Rogue Android apps flood into alternative markets

      @Dietrich T. Schmitz * Your Linux Advocate
      Funny how for so long one of the biggest talking points for Android was that you could get apps wherever you wanted yet know it's best to stay in the Android Marketplace.
      non-biased
  • Why don't bloggers proofread

    "... which would essentially __given then__ access..."<br><br>There's hardly a blog posted which doesn't have multiple basic spelling and grammar errors. Don't you ever look at what you write?
    nfordtchrpub