Nearly one million Android users have fallen victims to eight fake applications that falsely claimed to help them gain more followers on social networks, but instead stole their information and money.
Detected as Android/Fasurke, these applications made it to the Google Play about four months ago, which gave them enough time to gather between 250,000 and 1,000,000 downloads, researchers at ESET discovered. These pieces of software attracted users with empty promises, with interesting app names, and with bogus descriptions.
These fake applications promised to boost user’s followers on different social networks, but did nothing of the sorts, researchers warn. Instead of offering more followers, friends or views on social networks, these apps lured users into sharing their personal information, paying perpetual subscriptions, or consenting to receiving marketing messages or ads.
When running the application, users were requested to enter their mobile device model, username and the number of followers they wished to gain, promising thousands of new followers with just one click. However, after supposedly launching the “followers generating process,” users were presented with a “human verification” step.
This step was meant to trick the user into entering an endless set of offerings of gifts, coupons and free services, and into sharing their personal information (name, email, address, telephone, date of birth, and gender). Moreover, users were asked to consent to receiving telesales calls and text messages, some of which cost around $5.50 per week.
According to ESET researchers, this “verification step” is actually an endless spiral, its only purpose being that of milking as much information and money as possible from the unsuspecting user. Although many individuals who downloaded these apps decided to share their negative experience via comments and low rating on Google Play, thousands of other people still downloaded them.
Google was informed on these applications and has already removed them from the marketplace, but ESET researchers say that similar threats might still exist, including users naïve enough to install them and share their personal information.
To stay protected, users are advised to download applications only from official storefronts, as they contain the smallest number of malicious applications. Before downloading an app, however, users should also have a look at its rating, should analyze the permissions it requests, and should think twice before installing a program that promises something “too good to be true.”
A golden rule that users should always apply is to never share their personal information with a third party, unless they are sure it is trustworthy. Moreover, users should not consent to something and should not be ordering goods or services unless they are sure about what they will receive in exchange.
Related: Android Trojan Posing as Flash Player Targets Banking Apps