Over 600,000 Android users installed at least one of the malicious apps. The goal of the apps is to get an unsuspecting user to sign up for a premium SMS service at a cost of 4.80EUR per week.
ESET reported its discovery last week on its blog, detailing over 30 different apps that had managed to get through Google's malware filter, Bouncer. They were uploaded to the market over the past 9 months from different developer accounts, though they all likely come from the same source.
"According to public data from the Google Play store, several of them were installed between 100.000 – 500.000 times and the total number of installations of all 33 scareware applications lies between 660.000 and 2.800.000," ESET Malware Researcher, Lukas Stefanko, writes.
The apps have pretty much no functionality. Instead, any interaction with the apps just brought up warnings about dangerous virus infections. Eventually, the app would prepare a text message in the phone's default SMS application, appearing to be a code to activate an antivirus product. In reality, if the user sends it, they will sign up for a premium SMS service at a cost of 4.80 EUR per week.
Sources and Recommended Reading:
Scareware: Fake Minecraft apps Scare Hundreds of Thousands on Google Play: www.welivesecurity.com
Written by: James Delahunty @ 25 May 2015 6:26