ie8 fix
madison

Hardware 2.0

Adrian Kingsley-Hughes
Home / News & Blogs / Hardware 2.0

BEWARE - Rogue Android apps flood into alternative markets

By | November 7, 2011, 5:01am PST

Summary: Send premium rate text messages to get free software.

Android users beware … the bad guys are now building convincing-looking Android markets pushing rogue Android apps and malware.

According to security firm Webroot, a lot of effort has been put into these sites.

These well-crafted websites follow a similar layout; they have device reviews, app descriptions with screenshots, QR Codes and FAQs. So far, we’ve only found these websites aimed at Russian users, with the web pages written in Russian. The descriptions are similar to those in the Android Market and the screenshots appear to be taken from the market. We are discovering that this network of SMS Trojans is fairly large.

These Trojans, which Webroot is calling Android.SMS.FakeInst, come in a number of variants but all have one purpose - to scam unwitting users into sending three premium rate text messages in exchange for an app.

The catch … most of the apps are either available for free from the Google Android Marketplace or are fake apps which don’t work. These apps also ask for a whole range of permissions - READ_PHONE_STATE, SEND_SMS, RECEIVE_SMS and INTERNET - which would essentially given then access to the whole handset.

Be careful out there!

Related:

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Hardware 2.0”

Topics

Android Market, Android App, Android User, Adrian Kingsley-Hughes

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology.

Disclosure

Adrian Kingsley-Hughes

All opinions expressed on Hardware 2.0 are those of Adrian Kingsley-Hughes. Every effort is made to ensure that the information posted is accurate. If you have any comments, queries or corrections, please contact Adrian via the email link here. Any possible conflicts of interest will be posted below. [Updated: February 23, 2010] - Adrian Kingsley-Hughes has no business relationships, affiliations, investments, or other actual/potential conflicts of interest relating to the content posted so far on this blog.

Biography

Adrian Kingsley-Hughes

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.

Adrian has authored/co-authored technical books on a variety of topics, ranging from programming to building and maintaining PCs. His most recent books include "Build the Ultimate Custom PC", "Beginning Programming" and "The PC Doctor's Fix It Yourself Guide". He has also written training manuals that have been used by a number of Fortune 500 companies.

Adrian also runs a popular blog under the name The PC Doctor, where he covers a range of computer-related topics -- from security to repairing and upgrading.

10
Comments
Add Your Opinion

Join the conversation!

Just In

RE: BEWARE - Rogue Android apps flood into alternative markets
non-biased 15th Nov
@jgm@... Don't think he/she is saying that all, just pointing out the hypocrisy and has a very valid point.
View in thread
0 Votes
+ -
Rule#1: Stay in the Android Marketplace
Dietrich T. Schmitz * Your Linux Advocate 7th Nov
Stray from there and you are 'on your own'.
0 Votes
+ -
RE: BEWARE - Rogue Android apps flood into alternative markets
ssaha 7th Nov
@Dietrich T. Schmitz * Your Linux Advocate And how is this different from a walled garden? Oh, that's right. You can expect to find malware on the Android market as well. So much for "open".
0 Votes
+ -
RE: BEWARE - Rogue Android apps flood into alternative markets
jgm@... 7th Nov
@ssaha There's no "wall". There's only a sign at the boundary that says "Beyond this point there be dragons."

Are you really embracing and cheering the idea that someone else decides what you can do on your own hardware?
0 Votes
+ -
RE: BEWARE - Rogue Android apps flood into alternative markets
non-biased 15th Nov
@jgm@... Don't think he/she is saying that all, just pointing out the hypocrisy and has a very valid point.
0 Votes
+ -
RE: BEWARE - Rogue Android apps flood into alternative markets
use_what_works_4_U 7th Nov
@Dietrich T. Schmitz * Your Linux Advocate
That sounds an awful lot like the Apple model. Having used iPhones in the past and being on an Android phone now, I have to say the iControlled, iConsistent, iEffective, and iSimple world something I miss. Now that the iPhone has come to Sprint it's no big feat to see what my next upgrade (eligible in late 2012) will be.
0 Votes
+ -
That doesn't do diddly
Justin James 7th Nov
@Dietrich T. Schmitz * Your Linux Advocate

From the article:

"The catch ??? most of the apps are either available for free from the Google Android Marketplace or are fake apps which don???t work."

Staying within the Google Android Marketplace is NOT an effective security measure. This has been proven many times in the last year or two!

J.Ja
0 Votes
+ -
RE: BEWARE - Rogue Android apps flood into alternative markets
jgm@... 7th Nov
@Justin James It's more effective than using one of these alternative markets, isn't it? In one, if there's malware, Google will remove it. In the other, it's ALL malware, and they're certainly not going to remove any of it.
0 Votes
+ -
Not necessarily
Justin James 7th Nov
@Justin James

Amazon runs an app market, I am sure that they curate it as well. All the same, Dietrich's suggestion that all you need to do is stick with the "official" marketplace simply does not bear scrutiny.

J.Ja
0 Votes
+ -
RE: BEWARE - Rogue Android apps flood into alternative markets
non-biased 15th Nov
@Dietrich T. Schmitz * Your Linux Advocate
Funny how for so long one of the biggest talking points for Android was that you could get apps wherever you wanted yet know it's best to stay in the Android Marketplace.
0 Votes
+ -
Why don't bloggers proofread
nfordtchrpub Updated - 7th Nov
"... which would essentially __given then__ access..."

There's hardly a blog posted which doesn't have multiple basic spelling and grammar errors. Don't you ever look at what you write?

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix