Earlier this month, Trend Micro discovered a new piece of malware trying to take advantage of Skype's increasing popularity and called the threat JAVA_SMSSEND.AB. Cybercriminals had created a fake version of the Skype for Android app, designed to earn money from unsuspecting users. Now, Microsoft has caught up with the times, saying it found the threat last week, and is warning its customers about what it refers to as Trojan:Java/SMSFakeSky.A.
The Java in the name should not surprise you, given that Android apps are primarily developed in a custom version of the programming language. Thankfully, this is not a very good fake. The app in question only runs on older (pre Software Installation Script) Symbian phones or Android devices that allow execution of Java MIDlet.
The cybercriminals behind this scheme have set up fake websites advertising fake Skype apps. Most of the sites are hosted on Russian domains (.ru) but the fake apps themselves are hosted on Nigerien domains (.ne).
The reason this is not a good fake is that instead of an .apk file (the expected package file for Android apps), users are served up with a .jar (Java MIDlet). While the app poses as an installer for Skype, what it really does is install a piece of malware.
The devil is in the details: in the background, the malicious app sends expensive international text messages to earn its creators revenue. If criminals have control over the SMS send or MMS read functionalities, they can be triggered by the fake app's UI, and require user interaction by pressing Agree.
Behind the scenes, the malicious app does the dirty work to incur costs on the victim. If you use such a fake app, you can get even more malware by being told you require say, Adobe Flash Player, which actually ends up being another malicious app.
Since Microsoft owns Skype, the software giant is making a point to underline this threat. "Just as you would when taking care of any valuable property, mobile users need to take appropriate security measures and precautions," a Microsoft spokesperson said in a statement before advising users to consider the following measures:
- Download your apps from only legitimate and trusted sources.
- Install an antimalware solution for your device.
- Scan apps with your regular antimalware solution on your desktop before loading them directly onto your device. (You could even use Microsoft Security Essentials for this purpose.)
Android lets you download and install apps from anywhere. If you want the official version of an app, however, get it from the official Google Play store. Here is the official Skype link: play.google.com/store/apps/details?id=com.skype.raider.
- Android malware numbers explode to 25,000 in June 2012
- Android malware families nearly quadruple from 2011 to 2012
- Malware charges users for free Android apps on Google Play
- A first: Hacked sites with Android drive-by download malware
- Warning: Fake Biophilla app on Android is malware
- Warning: Fake Instagram app on Android is malware