Android Apps Fool Hundreds of Thousands With Empty Promises

Nearly one million Android users have fallen victim to eight fake applications that falsely claimed to help them gain more followers on social networks, but instead stole their information and money.

Detected as Android/Fasurke, these applications made it onto Google Play about four months ago, which gave them enough time to gather between 250,000 and 1,000,000 downloads, researchers at ESET discovered. These pieces of software attracted users with empty promises, interesting app names, and bogus descriptions.

These fake applications promised to boost users' followers on different social networks, but did nothing of the sort, researchers warn. Instead of delivering more followers, friends or views on social networks, these apps lured users into sharing their personal information, paying perpetual subscriptions, or consenting to receive marketing messages or ads.

When running the application, users were asked to enter their mobile device model, username and the number of followers they wished to gain, with the app promising thousands of new followers with just one click. However, after supposedly launching the “followers generating process,” users were presented with a “human verification” step.

This step was meant to trick the user into entering an endless set of offerings of gifts, coupons and free services, and into sharing their personal information (name, email, address, telephone, date of birth, and gender). Moreover, users were asked to consent to receiving telesales calls and text messages, some of which cost around $5.50 per week.

According to ESET researchers, this “verification step” is actually an endless spiral whose only purpose is to milk as much information and money as possible from the unsuspecting user. Although many individuals who downloaded these apps decided to share their negative experience via comments and low ratings on Google Play, thousands of other people still downloaded them.

Google was informed of these applications and has already removed them from the marketplace, but ESET researchers say that similar threats might still exist, as might users naïve enough to install them and share their personal information.

To stay protected, users are advised to download applications only from official storefronts, as they contain the smallest number of malicious applications. Before downloading an app, however, users should also have a look at its rating, should analyze the permissions it requests, and should think twice before installing a program that promises something “too good to be true.”

A golden rule that users should always apply is to never share their personal information with a third party unless they are sure it is trustworthy. Moreover, users should not consent to anything or order goods or services unless they are sure about what they will receive in exchange.
