So it records more than 10 million downloads

Jul 7, 2019 05:01 GMT

One of the biggest problems with Samsung phones is the lack of update consistency: the South Korean company typically takes longer than Google to deliver the monthly Android security updates to its devices.

And although they are called monthly security updates, they do not necessarily arrive every month on Samsung phones, as the manufacturer occasionally skips releases and leaves devices running an older security patch level.

An application called “Updates for Samsung” promised to solve this problem by providing Android users with the updates the company had skipped.

That is not possible: firmware updates for Samsung devices can only be built and signed by Samsung, so no third-party app can deliver them. Even so, the bogus app was downloaded by more than 10 million users, many of whom probably assumed it was an official app from Samsung itself.

It was not. As security firm CSIS discovered, the app redirected users to an ad farm and eventually asked them to pay for updates.

App already removed

The application also advertised a subscription for downloading new Samsung firmware updates in exchange for an annual fee of $34.99. The payments, however, were not processed through Google Play’s subscription billing: the app asked users to type their credit card details directly into the app to transfer the money, which means the card data went straight to whoever operated the app rather than to Google’s payment system.

“The download is also almost doomed to timeout and fail, hence “motivating” the user to pay for “Fast downloads through paid premium packages”. During our tests, we too have observed that the downloads don’t finish, even when using a reliable network,” the security experts explain.

At this point it is not known how many users actually paid, but with more than 10 million downloads the number of victims could be considerable.

The app was no longer available in the Google Play Store at the time of publishing this article.