Saturday, 16 July 2016 05:05

Eset finds malware in Google Play

By

Security vendor Eset has identified eight apps in Google Play that appear to trick users into revealing personal information and purchasing goods and services.

According to Eset, these eight apps lured "users into paying perpetual subscriptions, sharing their personal information, and consenting to the receipt of marketing messages or watching ads. Hiding their true functionality, most of the apps promised to increase the number of the victim's social network followers."

But when users tried to get more followers, they were met with a "verification" step that signed them up for offers that cost money or involved consent to receiving marketing messages, sometimes via premium SMS.

The process also requested personal information including name, email, address, telephone number, date of birth and gender.

"To get as much information and money as possible from follower-hungry users is the only goal for these types of malicious apps. Through surveys, rewards, ads, prizes, gift coupons and other cheap marketing tricks, they want to attract attention and push users to share information they shouldn't," warned Eset senior research fellow Nick FitzGerald.

The apps were downloaded more than a quarter of a million time before they were removed from the store after Eset notified Google of the problem. The apps had attracted many negative comments about their misleading and ineffective nature, but that wasn't enough to get them removed.

"The malicious apps might no longer pose a risk for Android users at the moment but it is still important to let people know how they worked – similar apps could appear at any time on the Google Play store and repeat the same tricks," said FitzGerald.

One of the standard pieces of advice for avoiding mobile malware is to stick to the official app stores, but that clearly isn't foolproof.

Other tips from Eset:

Prior to installing any app, check its ratings and reviews. Focus on the negative ones, as they often come from legitimate users while positive feedback may be crafted by the attackers.

Facing sensational offers, keep in mind the golden rule: "If it seems too good to be true, it probably is." If they offer you half a million followers for free, with a single click – or after completing a survey – they will probably not be able to deliver.

Think twice when entering your personal information, giving consent to something or ordering goods or services. Be sure absolutely sure about what you receive in exchange.

Invest a small amount of effort in getting to know who you are about to do business with.

Use a quality and reputable mobile security solution to protect your device.

CHIEF DATA & ANALYTICS OFFICER BRISBANE 2020

26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more

DOWNLOAD NOW!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments