Malicious apps have become commonplace on Android Market, but in many cases they’re easy to identify because they request a lot of unnecessary permissions that give away their true purpose.
Symantec researchers stumbled upon some improved fraudulent Android app which requests a single permission during installation, making the rogue software seem more trustworthy.
Masquerading as popular games, a number of malevolent apps were discovered to be published under the name “Stevens Creek Software” and once they’re installed, they urge the user to complete the installation process by clicking on a button.
Once clicked, the button, after multiple redirects, leads the victim to a shady website that advertises “make easy money” schemes.
Symantec identifies these fraudulent apps as Android.Steek and Google has been notified of their presence in the Market, but if you want to make sure that you don’t install any malicious apps on your phone, you can check to see if the publisher of the paid version is the same as the publisher of the free variant.