Warning: Fake Biophilla app on Android is malware

Warning: Fake Biophilla app on Android is malware

Summary: Cyber criminals have created a fake Biophilla app for Android that is really just malware in disguise. Your first red flag should be that Biophilla is officially available on iOS, but not on Android.

SHARE:

During April alone, we've already seen malicious versions of Angry Birds Space and Instagram in the wild. Both are Android apps that are really just malware designed to generate money from unsuspecting users by sending expensive international text messages. Now the same is happening with the popular Biophilla app.

Here's the official description of the app:

Biophilia is an extraordinary and innovative multimedia exploration of music, nature and technology by the musician Björk. Comprising a suite of original music and interactive, educational artworks and musical artifacts, Biophilia is released as ten in-app experiences that are accessed as you fly through a three-dimensional galaxy that accompanies the album’s theme song Cosmogony. All of the album’s songs are available inside Biophilia as interactive experiences: Crystalline, Virus, Moon, Thunderbolt, Sacrifice, Mutual Core, Hollow, Solstice, and Dark Matter.

Björk recently invited hackers and pirates to port her app from iOS to other platforms, but somehow I don't think Android malware is what she had in mind. Symantec identified the social engineering scam on third-party Android app download sites and described the malware as follows:

The app itself comes in two parts: the front-end, which has the ability to stream songs, and a background service with the name ‘Market’. Upon examination of the background service (designed to activate every time the phone starts) it appears to belong to the Android.Golddream family of threats. The authors of this family of threats are known to target third-party apps with malicious versions of popular apps, drawing revenue from premium SMS scams.

To reiterate, Biophilia is not available for Android. Some may have managed to port it illegally, but please beware that they may have included malware inside. If you want to get the official iOS version, get it from the official Apple App store. Here is the direct link: itunes.apple.com/app/bjork-biophilia/id434122935.

See also:

Topics: Apps, Android, Google, Hardware, Malware, Mobile OS, Mobility, Security, Smartphones

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion
  • This isn't really worth the effort to comment but . . .

    I am so tired of the irresponsible reporting. All the "Android malware" reports do nothing to help users since almost all of them do not apply to apps available in the Google Play store. This story and the Instagram story and the Angry Birds Space etc do over saturate knowledgeable users so that real stories about real threats are more easily ignored. Since these apps are found in non Google app stores and are more likely to be in languages other than English it is unlikely that any potentially affected users will be reading this blog. They certainly do not deserve the headlines and type of coverage you provide.

    Articles like this remind me of the old email virus scares. They became as much of a virus as any real virus as users forwarded them to all their email contacts.
    Find something worth reporting and then do a good job of it.
    adamwest603
    • Social enginering tactics are the number 1 methond of installing malware

      It works. No firewall, anti-virus, or intrusion protection system can prevent a zero day trojan if executed.

      android apps can be downloaded via PC web browser and loaded on to phone. To the unsuspecting user, the app will look legit, thus installing it. One of android users perks is to not be "Jailed In" like iOS thus will be actively looking for free apps, where availible.

      socail engineering has evolved from phishing emails and malware laced email attachments to embeded code in flash, java, macros, and even https sites themselves. One particularly tricky malware are "false anti-virus software" for windows. It works by placing a trap ad on certain web sites that launches a popup or in website warning that your computer is infected with a virus and offer the user to scan and clean the infection. Many users would find this alarming and click the popup or banner. The installer of the "false anti-virus" runs while displaying a bogus virus scan utilising a UI that is made using actual screen shots of official windows UI to make it seem legit. The "false anti-virus" will then diable your anti-virus program and redirect your internet to the local host which will have a fake http anti-virus registration website. They will ask for subscription fee for the "full product". if you fill that out. you could loose more than just money, but your identity too.
      The most vunerable aspect of IT security is the human aspect.
      Bakabaka
  • Its good to know...

    @Adamwest603:

    It is good to be noted as a story, I come here everyday and its good information to know. I am a tech guy and this would not affect me but it may affect someone I know, Now since I saw the story here, I can remind my not so technical friends to watch out and remind them to use the Google app store and not download apps from other places. If I had not seen the article here, I might not have known.
    spikey289
  • MakeCash25.com

    Monetize your time spent online and make a nice extra income, working from home few hours a day. Just follow the instructions given on this site to setup your account. You can earn anywhere between $1000-5000 a week! More info at
    MakeCash25.com
  • work at home

    as Tammy answered I'm dazzled that any body able to get paid $8241 in 4 weeks on the internet. did you read this site link makecash16.c om
    zamoracarl
  • As I'm typing this...

    ...the two latest posts in this thread are spam. Could they link to malware? In any case, ZDNet should try to keep their own site clean along with worrying about the latest malware somewhere else. Funny that they always put Android or Apple in the headline for the malware reports, as applicable, but not Windows. Guess that's still the default assumption.
    gfeier