Over the last year there has been a serious increase in the number of fraudulent Android apps on the internet, and the story keeps making headlines this year. A week ago Symantec revealed that they had come across a piece of malware called Android.Exprespam, designed to collect personal data from the devices it infects. Until recently, malware mostly spread through secondary devices, websites and e-mails, but now that the Android market has become piping hot, it has caught the attention of malware developers.
Symantec writes on its official blog:
In October 2012, the Tokyo Metropolitan Police arrested a group of five individuals for their involvement in developing and distributing Android malware that collected personal data, but that did not deter at least one group of scammers from doing the same as they continued to lure Android device owners to their malware. The Tokyo District Public Prosecutors Office then dismissed the case in December last year because it was unable to find enough evidence to prove that the five suspects were committing a crime. The dismissal has now led to the creation of yet another Android malware targeting Japanese Android device owners.
Earlier, another piece of Android malware called Android.Enesoluty was found, and it still persists. Spam emails were sent with links to a fake Google Play hosted on a server located in Washington State in the United States. After news about the fake pages started spreading, the scammers simply built another one called Android Express’s Play.
Symantec has published a list of about 9 fake apps. They all work the same way, i.e. they steal your private data, but each is named after some high-demand app so that more victims fall into the trap…
So check the download source thoroughly.
As for the protection measures Google uses:
Bouncer: conducts automated scans of the apps uploaded to Google Play. Each app is loaded into a software emulator on Google’s cloud infrastructure, so the app behaves as if it were running on an Android device, while in reality it is running inside a program that behaves like an Android device. The app is allowed to perform its functions for some time while Google watches it, and if nothing suspicious is seen it is given a pass.
Another is Jelly Bean 4.2’s app verification, which verifies apps from any source as long as the device has Google Play installed. If the verification fails, the app is considered dangerous and blocked.
Even with all these protections in place, the final line of security is how careful you are. It’s better to stay away from anything suspicious, keep your OS updated, immediately close those app downloads which request permissions, and you may use antivirus from trusted vendors. Instead of blindly accepting everything that shows up on the screen while installing or downloading, make it a habit to read it carefully, if you do not wish to fall into any pit…
The table below is from the Symantec blog and lists the names of the apps. If any of these apps gets installed, it sends all the personal information in the device to a remote server. The fake apps usually seek permission to read the phone’s state etc., while the legitimate ones generally won’t.
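The permission check described above can be scripted; the following is an added example, not code from Symantec or from the original post. It assumes the app's AndroidManifest.xml has already been decoded to text XML (for instance with apktool), and the watch list and sample package names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed watch list of permissions that expose personal data on the device.
DATA_PERMS = {
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_CONTACTS",
    "android.permission.GET_ACCOUNTS",
    "android.permission.READ_SMS",
}
NETWORK_PERM = "android.permission.INTERNET"  # needed to reach a remote server

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def audit(manifest_xml, expected=()):
    """Flag data permissions the app's stated purpose does not justify.

    expected: permissions the reviewer considers normal for this kind of app.
    """
    perms = requested_permissions(manifest_xml)
    sensitive = sorted((perms & DATA_PERMS) - set(expected))
    return {
        "sensitive": sensitive,
        # Personal data access plus network access is the combination to question.
        "can_upload": bool(sensitive) and NETWORK_PERM in perms,
    }

# Constructed sample manifests (package names are made up for this example).
FAKE_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.batterysaver">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""
WALLPAPER_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("fake", FAKE_APP), ("wallpaper", WALLPAPER_APP)):
        print(name, audit(xml))
```

Passing `expected` lets a reviewer whitelist permissions that fit the app's category, such as phone-state access for a dialer, so only the unexplained ones are reported.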