Must Read: Sorry, but bringing back the Start menu won't help Windows 8

Topic: Security

More Android malware sprouting up amidst 2012 Olympics

Summary: Android is a common target for malware fiends, but the Olympics are providing cyber criminals with another opportunity.

Rachel King

By for Between the Lines |

zdnet-webroot-google-play-spotify

Android has been cited time and again as the mobile operating system most plagued by malware. It might not come as a surprise then that cyber criminals are taking advantage of the 2012 Summer Olympics as an opportunity and a cover-up for more malware.

Anti-malware and anti-virus solutions provider Webroot has issued a warning that because there are so many events happening at one time during the Olympics, it might be all the more tempting when viewers find an app available that focuses on one or just a few. 

This goes hand-in-hand with some other cyber threats attached to the Olympic Games that can really affect even just the casual viewer. RSA recently published some tips on dealing with Olympic-themed phishing emails as well as social media alerts that are disguised in order to steal personal information.

Webroot researchers cited an app app called "London Olympics Widget," which is described as an app that displays aggregated Olympic news coverage.

In fact, it's really just harvesting the user's contact list and device ID while reading up on SMS messages too.

Webroot goes into the nitty gritty details about permissions hidden in the underlying code as well as the digital certificate, but the bigger lesson here is to be extremely careful when it comes to downloading apps.

Despite some disputes about this, Android is still an open source platform at heart, which is what makes the mobile OS quite vulnerable in the first place.

Furthermore, Google Play and the Amazon Appstore don't screen every app available in these digital app stores for malicious code until they are reported. You don't really want to become the test case.

Webroot advises that consumers should take a close look at the author of the app and then search the name to see if it is in fact a reputable company and/or developer, as seen in the photo above.

During a session at Google I/O in June, Android security engineers also stressed several tips for the developer side of things that could instore more confidence for consumers as well, including offering a transparent privacy policy.

Screenshot via Webroot

UPDATE: Webroot's full report is available online now. Certainly, there is some debate as to whether or not Android is plagued with malware or being punished unfairly. Either way, this debate is healthy for the growth of the platform and to promote awareness about dangerous malware in the first place.

For further reference about malware presence on Android, read further on ZDNet, including these two reports in July based on studies from British Telecom and North Carolina State University. For an alternative take on Webroot's study, check out Ed Burnette's post.

Topics: Security, Android, Apps, Malware, Mobile OS

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

39 comments
Log in or register to join the discussion

  • I could not find it antwhere ?

    Did Webroot mention where this app has been published or is available? Did you ask them ? Did you try and find it in the Play Store for example (or anywhere else ?) to even verify that it actually exists ?, or did you just take Webroot's word for it ? Did Webroot contact Google and have the app taken down ? How many people have downloaded it ? Since your article has a screen shot of a google play store app (with out showing the title of the app), is this the app in question with 92,512 ratings or did you just put that in there for effect ?
    RandallRPR
    Reply 15 Votes

    • Malware in Google Play

      If 92,000 people downloaded the malware from Google Play, I'm pretty sure that piece of malware wouldn't last 24 hours before it's reported and removed.
      Any app that doesn't perform as described won't even have 92,000 downloads.
      Any app with funny permission request on install will have users reporting it in the feedback.
      Malware getting 92,000 downloads thru Google Play without any negative reports is pretty much impossible these days with so much scrutiny and feedback from users.
      warboat
      Reply 4 Votes

      • But they didn't

        But that deceptively-cropped image has nothing to do with the supposed malware in question, it's the number of people who had rated Spotify at the time the article was written, and Spotify isn't accused of being malware, so that image is pure FUD.
        dkboyd
        Reply 1 Vote

    • It appears that it may have been on Play Store

      From http://www.bestappsmarket.com/p/app?appId=237924&title=london-olympics-2012-widget

      This App seems to have been removed from the Market! Learn more here
      Package name: com.games.London.Olympics.widget
      Check on the Android Market:
      https://market.android.com/details?id=com.games.London.Olympics.widget
      Julie9009
      Reply 1 Vote

  • Disappointed.

    You have always been one of the writers here that I have admired for your thoroughness and balance.
    For all the reasons stated in the first post above, I am disappointed that you have fallen victim to the slanted kind of tripe, from the headline through the text, presented here.
    radleym
    Reply 8 Votes

  • Funny

    Typing "London Olympics Widget" in the google play store does not bring up any relevant results. Did anyone verify this article before posting it?
    If it is not in the play store, then why did ZDNet add a graphic of the play store?
    SciZDNet
    Reply 7 Votes

    • Defamation

      Google sues ZDnet for defamation.
      Apple forced to hire new shills and start new FUD site.
      :P
      warboat
      Reply 4 Votes

      • You getting scared?

        Must be scary to think you aren't the only one spreading FUD and posting things without verification.
        non-biased
        Reply Vote

  • Please respond

    Hi Rachel, I think an answer is warranted due to the fact that this app is not to be found anywhere.
    Ashtonian
    Reply 3 Votes

    • Hackstore

      might be available on some Chinese or Russian hackstore.....
      warboat
      Reply Vote

  • What a Fear Mongerer

    What, are you an iP*d user that is trying to spread fear to potential andriod users?
    It's really too bad that anyone can write whatever they feel like on the Web and most people will take it at face value as being accurate/correct/real/the truth.
    I am so surprised that you did not mention Apple or the istore anywhere here, but you do mention how Google and Amazon do not scrub all of there apps, where did you get that information from?
    stalkowski@...
    Reply 6 Votes

  • Correction..

    A bit behind the times, I'm afraid.

    In fact every app submitted in the Play store is scanned with Bouncer and suspicious apps are even run up and analysed in an emulator.
    davros62
    Reply 3 Votes

  • 3rd Party?

    Could have been a 3rd party app from some website, but I agree that some more details would clarify things. Only thing I saw anywhere resembling this app was:


    http://www.androidzoom.com/android_applications/sports/london-olympics-2012-widget_cifzl.html
    mclark.usa
    Reply 1 Vote

    • Don't show a graphic of the google play store

      And don't show a partial graphic from the play store with 92,512 installs.

      If it is only available from third party sites then be fair and report that the Android has to be manually changed from its default setting to accept third party apps.

      That's just shoddy reporting.
      SciZDNet
      Reply 3 Votes

      • Agreed

        If that was in fact the case, it should be mentioned that you cannot "accidentally" download these apps. The trend of reporting things without covering the 5 W's is really unsettling. Responsible journalism on the web is becoming quite rare unfortunately.
        mclark.usa
        Reply 4 Votes

  • Google does not scan apps?

    Have you head of "Bouncer"? No automated scan is 100% effective, but it is either dishonest or ignorant to say that files are not scanned.
    AMS-Ray
    Reply 4 Votes

  • Protect ur Phone

    I use LBE Secutiry App and never worry about malware or torjan

    https://play.google.com/store/apps/details?id=com.lbe.security.lite&hl=en
    droidtek123
    Reply 1 Vote

    • permissions

      It is just easier to look in the permissions before you install an app. Say, if a hypothetical Olympics widget wants to make phone calls or/and text messages, it might be dangerous.

      The author of the article is too ignorant to mention and suggest this very powerful feature of Android.
      eulampius
      Reply 1 Vote

      • oops

        I wanted to vote for you but inadvertently flagged! This damn system does not allow to unflag!!!
        cavehomme1
        Reply Vote

  • just a repost - read original article

    http://blog.webroot.com/2012/08/06/beware-of-malicious-olympic-2012-android-apps/

    All questions still not answered, but clarified by original post. Th image used is totally out of context and both articles probably more sensational than helpful.
    LConnally
    Reply 1 Vote
CNET Join | Log In | Privacy | Cookies Close