Android Apps Fool Hundreds of Thousands With Empty Promises

Nearly one million Android users have fallen victim to eight fake applications that falsely claimed to help them gain more followers on social networks, but instead stole their information and money.

Detected as Android/Fasurke, these applications made it onto Google Play about four months ago, which gave them enough time to gather between 250,000 and 1,000,000 downloads, researchers at ESET discovered. These pieces of software attracted users with empty promises, interesting app names, and bogus descriptions.

These fake applications promised to boost users’ followers on different social networks, but did nothing of the sort, researchers warn. Instead of delivering more followers, friends or views on social networks, these apps lured users into sharing their personal information, paying perpetual subscriptions, or consenting to receive marketing messages or ads.

When running the application, users were asked to enter their mobile device model, username and the number of followers they wished to gain, with the app promising thousands of new followers with just one click. However, after supposedly launching the “followers generating process,” users were presented with a “human verification” step.

This step was meant to trick the user into entering an endless set of offerings of gifts, coupons and free services, and into sharing their personal information (name, email, address, telephone, date of birth, and gender). Moreover, users were asked to consent to receiving telesales calls and text messages, some of which cost around $5.50 per week.

According to ESET researchers, this “verification step” is actually an endless spiral whose only purpose is to milk as much information and money as possible from the unsuspecting user. Although many individuals who downloaded these apps shared their negative experience via comments and low ratings on Google Play, thousands of other people still downloaded them.

Google was informed of these applications and has already removed them from the marketplace, but ESET researchers say that similar threats might still exist, as might users naïve enough to install them and share their personal information.

To stay protected, users are advised to download applications only from official storefronts, as they contain the smallest number of malicious applications. Before downloading an app, however, users should also have a look at its rating, should analyze the permissions it requests, and should think twice before installing a program that promises something “too good to be true.”

A golden rule that users should always apply is to never share their personal information with a third party unless they are sure it is trustworthy. Moreover, users should not consent to anything, or order goods or services, unless they are sure about what they will receive in exchange.
