Jun 27, 2011 17:27 GMT

Security researchers warn that application repackaging, a technique commonly used to distribute Android malware, has started being used in advertising fraud schemes.

It's already well known that Android malware distributors take legitimate apps that appeal to users and repackage them together with trojans.

The rogue apps are then distributed from unofficial app markets or even Google's official application store, as has happened numerous times so far.

Compared to the original apps, the rigged ones request more extensive permissions, which are required by the malicious components.

It seems the technique works so well that it has attracted the attention of other types of cyber crooks as well.

"We've been seeing a rash of repackaged applications posted on the official Android Market," security researchers from Finnish antivirus vendor F-Secure note.

"Android apps are written in Java, and so they have a very low threshold for cloning, there are no real barriers to reverse engineer them," they explain.

However, in one particular case, the cloned app did not have any malicious code in it. Instead, it had an additional module that displays advertisements while the app is running.

"Presumably, the point of the repackaging is to include the advertisement module, with the developers gaining some kind of monetary reward when users view or click through the ads being displayed," the researchers say.

In this case, as expected, the cloned app was a very popular one, with between 1 million and 5 million installs to date. However, it wasn't a paid one. Cracking and repackaging paid apps would make them even more attractive to users, but it would also probably make it easier for the original developers to spot them.

It's not clear how much money a single app can generate - probably not much - but automating the process for a large number of applications is most likely profitable.
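Both signs described above, the extra permissions and the added module, show up when a suspected clone's manifest is compared with the original's. The following is an added example, not code from F-Secure or from the article; the two manifests are constructed samples in decoded text form, and the `com.example.*` names are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample manifests (decoded text XML, not taken from any real app).
ORIGINAL = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""

CLONE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application>
    <activity android:name=".MainActivity"/>
    <activity android:name="com.example.adsdk.AdActivity"/>
    <service android:name="com.example.adsdk.AdService"/>
  </application>
</manifest>"""

def summarize(manifest_xml):
    """Return (requested permissions, declared components) for one manifest."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    components = set()
    for tag in COMPONENT_TAGS:
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            # Expand relative names such as ".MainActivity" to fully qualified ones.
            if name.startswith("."):
                name = package + name
            components.add((tag, name))
    return perms, components

def diff_manifests(original_xml, candidate_xml):
    """List what the candidate requests or declares that the original does not."""
    o_perms, o_comps = summarize(original_xml)
    c_perms, c_comps = summarize(candidate_xml)
    return {"added_permissions": sorted(c_perms - o_perms),
            "added_components": sorted(c_comps - o_comps)}

if __name__ == "__main__":
    print(diff_manifests(ORIGINAL, CLONE))
```

A non-empty result is a reason to look closer, not proof of repackaging, since legitimate updates also add permissions and components.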