Now on Demand: Zero Trust Strategies Summit - Access All Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Android Apps Fool Hundreds of Thousands With Empty Promises

Nearly one million Android users have fallen victims to eight fake applications that falsely claimed to help them gain more followers on social networks, but instead stole their information and money.

Nearly one million Android users have fallen victims to eight fake applications that falsely claimed to help them gain more followers on social networks, but instead stole their information and money.

Detected as Android/Fasurke, these applications made it to the Google Play about four months ago, which gave them enough time to gather between 250,000 and 1,000,000 downloads, researchers at ESET discovered. These pieces of software attracted users with empty promises, with interesting app names, and with bogus descriptions.

These fake applications promised to boost user’s followers on different social networks, but did nothing of the sorts, researchers warn. Instead of offering more followers, friends or views on social networks, these apps lured users into sharing their personal information, paying perpetual subscriptions, or consenting to receiving marketing messages or ads.

When running the application, users were requested to enter their mobile device model, username and the number of followers they wished to gain, promising thousands of new followers with just one click. However, after supposedly launching the “followers generating process,” users were presented with a “human verification” step.

This step was meant to trick the user into entering an endless set of offerings of gifts, coupons and free services, and into sharing their personal information (name, email, address, telephone, date of birth, and gender). Moreover, users were asked to consent to receiving telesales calls and text messages, some of which cost around $5.50 per week.

According to ESET researchers, this “verification step” is actually an endless spiral, its only purpose being that of milking as much information and money as possible from the unsuspecting user. Although many individuals who downloaded these apps decided to share their negative experience via comments and low rating on Google Play, thousands of other people still downloaded them.

Google was informed on these applications and has already removed them from the marketplace, but ESET researchers say that similar threats might still exist, including users naïve enough to install them and share their personal information.

To stay protected, users are advised to download applications only from official storefronts, as they contain the smallest number of malicious applications. Before downloading an app, however, users should also have a look at its rating, should analyze the permissions it requests, and should think twice before installing a program that promises something “too good to be true.”

Advertisement. Scroll to continue reading.

A golden rule that users should always apply is to never share their personal information with a third party, unless they are sure it is trustworthy. Moreover, users should not consent to something and should not be ordering goods or services unless they are sure about what they will receive in exchange.

Related: Android Trojan Posing as Flash Player Targets Banking Apps

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Former Darktrace CEO Poppy Gustafsson has joined the UK government as Minister for Investment.

Nupur Goyal has joined cloud identity security and management solutions provider Saviynt as VP of Product Marketing.

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.