Android users warned of fake app store malware risk

News 14 May, 2012

Anti-virus software vendor sounds alarm over malware-peddling Android app stores.

Malware authors are setting up alternative app marketplaces to defraud unwitting Android phone users, according to anti-virus software vendor AVAST.

The firm’s research team uncovered the scam, which tricks Android phone users into downloading apps that are used to send out premium rate SMS messages.

This is nothing new in the Android world as bad guys have been doing this in various ways for several months.

In an AVAST blog post, the firm identified four sites, including t2file.net, uons.net, uote.net and sofile.net, it claims have been deliberately set up by cyber criminals to defraud Android users.

The sites are reportedly inaccessible to computer users. But, when accessed via a smartphone, a downloader is installed that generates premium rate text messages.

“All these sites were registered a week ago, so it looks like they were supposed to serve as a malware hosting [platform] for bad guys from the very beginning,” said the blog post.

“Analysing the trail the malware creators left for us, we’ve discovered a few sites they have used in order to attract users and all of them target Russian speaking people and look like alternative markets.”

However, although the scam is targeted at Russian speakers, the fake downloader can create premium rate messages in 60 languages.

“This [malware] concept is nothing new in the Android world as the bad guys have been doing this in various ways for several months,” said the blog.

“[The lesson is] never trust weird looking alternative markets and always check the app permissions. If you’ve downloaded a game that asks for SMS and phone call permissions, it probably means that someone is about to ‘play you’ instead,” the post concluded.

Read more about: