Android malware comes in all shapes and sizes and with varying degrees of complexity. There are advanced threats such as Rootkit.OldBoot.B that include extensive and sophisticated code, and then there are the old-fashioned snake-oil scams where you pay a premium for an utterly useless item. It is the latter that are of interest to us today.
Recently Kaspersky Lab expert Roman Unuchek uncovered an Android app developer with a catalogue of snake-oil and magic-bean applications for sale on Google Play. The simplicity of these apps is actually the reason they were able to slip past Google Play's security system. Google Bouncer is designed to detect malicious activities within applications and prevent malware from making its way into the market, but these apps don't actually execute any malicious functions. In fact, these apps do nearly nothing at all.
For as little as 34.00 rubles (about $0.99 USD) and as much as 149.00 rubles (about $4.32 USD), victims could purchase fake versions of popular, normally free, applications. Fake browsers and fake antivirus applications were the most prominent applications listed, along with a few other game and utility applications.
None of the fake applications offered by this developer performed any beneficial functions. The fake antivirus apps simply displayed progress bars indicating that scanning was taking place, but the apps themselves did not contain any code to actually execute such an activity.
This particular style of scam is reminiscent of the Virus Shield scam discovered in late April. Virus Shield was a fake antivirus application sold on Google Play and was remarkably popular during its brief stint on the market, garnering more than 30,000 downloads in a little less than a week. Virus Shield also displayed a fake scanning progress bar but failed to perform any of its advertised functions.
Victims of the Virus Shield fraud were offered a refund in the form of a $5 promotional credit for any other item on Google Play. If you believe that you have been victimized by one of these fake applications, we urge you to contact Google about the possibility of a refund.
How to Spot a Scam
This is a particularly sneaky type of scam. Normally the best way to uncover Android malware is by reviewing the permissions requested and looking for anything unusual, but these apps will request few, if any, permissions, making them difficult to spot. To protect yourself from this type of scam you need to be vigilant about researching developers before downloading apps. Look at the developer's website and search for them on social media; not having a developer website or social media presence is generally a bad sign. Use the developer's social media page as a report card: look to see what other customers are saying about the developer and the product and whether or not they are satisfied.
Here are a few additional tips to stay safe online:
- Stay current with application and operating system updates. Updates often include patches for newly discovered security vulnerabilities to make your device more secure.
- Install and use an Android antivirus application. An antivirus app will help you detect and avoid threats that you didn't know about.
James Green is a mobile security researcher who has worked in the Android security field for several years providing privacy and security advice to Android users. Email: James@ArmorforAndroid.com; Twitter: @James_AfA