33 rogue apps found, installed up to 2.8 million times

May 25, 2015 13:04 GMT
Crooks used legitimate brand names to con users into activating premium-SMS

Apps available in Google Play pretending to offer cheating tips for the popular Minecraft game tricked users into activating premium-rate SMS subscriptions.

Lukas Stefanko from ESET says that, during the past nine months, they have uncovered no fewer than 33 such apps. Combined, they have been installed between 660,000 and 2.8 million times.

Users fooled into subscribing to premium service

After installing the rogue apps, users would not have access to any information helping them cut corners in the game. Instead, they would be presented with banners and advertisements saying that their Android device was infested with malware, providing a link to an alleged solution.

Stefanko says that, in an effort to make the scam appear credible, cybercriminals took advantage of the names of reputed mobile antivirus vendors, such as G Data.

The researcher said in a blog post on Friday that the final goal of the scareware campaign was to subscribe the victim to a premium-rate messaging service that charged €4.80 / $5.30 per week.

However, to make it to Google Play, the nefarious apps needed to have permissions that would fit their advertised purpose, which did not include SMS sending.

As such, duping the user relies on social engineering, which consists of preparing “an SMS in the system default SMS application. The text of the SMS appears as an activation of the antivirus product.”
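The permission gap described above can be checked for statically. The following is an added example, not ESET's or Google's tooling: it flags code that hands a pre-filled message to the default SMS app and reports whether the manifest declares `SEND_SMS`. It assumes a decoded `AndroidManifest.xml` and decompiled source as text; the sample inputs and the six-digit short-code threshold are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# URI passed to the default SMS app, e.g. "smsto:12345" or "sms:+4912345"
SMS_URI = re.compile(r'"(?:sms|smsto):(\+?\d+)"')
# Intent extra that pre-fills the message text in the SMS app
PREFILL = re.compile(r'"sms_body"')

def declared_permissions(manifest_xml):
    """Return the set of permissions named in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}

def triage(manifest_xml, source):
    """Return a finding for a pre-filled SMS handoff, or None if absent."""
    numbers = SMS_URI.findall(source)
    if not numbers or not PREFILL.search(source):
        return None
    has_send_sms = "android.permission.SEND_SMS" in declared_permissions(manifest_xml)
    return {
        "numbers": sorted(set(numbers)),
        # Assumption: numbers of six digits or fewer are treated as short codes
        "short_code": any(len(n.lstrip("+")) <= 6 for n in numbers),
        # True when a permission-only review would see nothing SMS-related
        "invisible_to_permission_review": not has_send_sms,
    }

# Constructed sample inputs (not taken from any real app)
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.cheats">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

SAMPLE_SOURCE = '''
Intent i = new Intent(Intent.ACTION_SENDTO, Uri.parse("smsto:55555"));
i.putExtra("sms_body", "constructed sample text");
startActivity(i);
'''

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_SOURCE))
```

A hit is a prompt for manual review rather than a verdict, since legitimate apps also open the SMS app with suggested text.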

Stefanko says that the language of the scareware advertisements is adapted to the geographic location of the device, which is not an unusual method with ransomware.

Poor reviews had no effect on some users

The researcher spotted the first of the malicious Minecraft cheat apps in Google Play in August 2014. Despite negative comments from users, the marketplace counted between 100,000 and 500,000 installs for some of them. Google was alerted to the harmful apps and took them all down.

To counter such incidents, Google started to rely on human analysis in addition to the automated screening carried out by the Bouncer scanner. The human touch consists of checking whether a submitted app respects the service’s policies for app developers, integrates malicious code or misleads the user in any way.

The new security approach for apps in Google Play was announced in March by product manager Eunice Kim, who said that this type of examination had actually started several months before.

Google removed the fake apps from Google Play
