Malware, Adware in This Week’s Dangerous Android Apps

Bad Android apps can take many forms. Whether they are out to steal data, sign you up for premium rate SMS services, or pushing dodgy and malicious links via advertiser networks, users need to beware. SecurityWatch is partnering with a handful of security companies who monitor apps on Google Play and third-party marketplaces to identify malicious apps you should avoid.

If you happen to already have it, immediately remove the apps from your Android device and check your bill for unexplained charges.

Theoretically, malware can target any mobile platform. There are Zeus-in-the-mobile variants targeting BlackBerry devices, Java exploits targeting Symbian phones, and the occasional proof-of-concept going after iOS devices. But for the most part, when anyone talks about dangerous mobile apps, they mean Android apps.

For this week’s list (Memorial Day edition) we have three apps Appthority found on third-party Websites and a bonus app BitDefender flagged on Google Play for using aggressive ad networks.

[1] Fake Google Play Installer
Appthority found Fake Google Play Installer on a third-party Website that had “Google” in its domain name. Part of BadBadPiggies and Android.FakeInstaller malware families, this bad app targets European and Russian users.

When the app is running, it displays a fake progress bar that doesn’t do anything and sends text messages to premium rate numbers in the background. The app sends statistics, such as the mobile device identifiers and the number of premium rate SMS messages it has sent, over to a Google account “Android Cloud to Device Messaging.”

[2]  Zoukmobile Top Music
Zoukomobile Top Music is one of the several fake apps Appthority found on a third-party platform. When the app is running, it displays a list of popular artists, such as David Guetta, along with songs that users can listen to. The app uses the SMS subscription service “Zoukmobile” (a reference to wireless application service and SMS subscription provider in Malaysia) to charge users around $4 a week for streaming music.

The app actually has a terms of service agreement where it explains that users will be charged a fee for the streaming service. “The app is using commercial music that likely was downloaded illegally and charging an absurd amount, giving it a malware rating from us,” Appthority said.

[3] Fake Tank
Appthroity found Android.OpFake malware inside Fake Tank, which was distributed through another Website. When the app runs, the user sees a form pointing to another Website that Website informs you—via a terms of service page—that you are being signed up for a premium SMS subscription service while the app is sending messages.

[4] Fart Sounds Machine Version 2.2|10
BitDefender found Fart Sounds Machine, version 2.2 on Google Play. The app has a four star rating and has been downloaded between 500,000 to a million times. This app uploads the device’s unique id to static.leadbolt.net and AirPush—an aggressive ad network. The app also uploads your phone number, location, and email address to AirPush. AirPush is known for displaying ads in the notification area and advertisement icons on the user’s Home screen.

Source: PCMAG