Google Play store inundated with scam apps, Symantec says

The applications, which may contain just a link to a website, can be hard to assess using automated analysis
  • Jeremy Kirk (IDG News Service)
  • — 29 July, 2013 03:34

A steady stream of questionable applications is flowing daily into Google's Play store for Android devices, according to security vendor Symantec.

Over the last seven months, Symantec found more than 1,200 suspicious applications in the Play store. Google removes many shortly after they're published, but others stay in the store for a few days.

"Although they have short lives, the apps must provide ample profit for the scammers as they show no signs of halting their development of new ones," wrote Joji Hamada of Symantec.

The applications can be difficult to assess and employ a series of maneuvers and layers in order to attempt to rip off users.

Hamada wrote one application aims to get users to subscribe to an online adult video site at a cost of more than US$3,000 a year. The application's sole purpose is to launch a link to an adult website.

The website then asks the user to register in order to play videos. An email form is drafted, and the user is asked to hit send. The email, sent to the user, contains a link to another service on a different website.

This time, the user is prompted to enter a password. If that button is clicked, the phone is supplied with a number. When called, the number gives out a password. The person is then given registration details and told of a ¥315,000 ($3,200) annual fee that is due within three days.

Applications that launched only links "can be almost impossible for any system to confirm anything malicious," Hamada wrote.

"The manual steps required in this scam is another strategy used to keep the apps on the market as long as possible," Hamada wrote. "Human analysis may be the only way to discover these sorts of apps."

Apple closely examines applications submitted for its App Store, which has kept its marketplace relatively free of malware. Google also scans applications in the Play store. It also added a feature to the latest 4.3 version of the Android OS that scans any application for malicious code.

More than 100 applications similar to the adult videos one have been published on Google Play since the beginning of the month, Hamada wrote. Thirty applications from three developers are still in the market.

Symantec informs Google when it finds such applications, he wrote, but the scam applications flow into Play daily. Many of the applications float into some of the top keyword searches, apparently as the result of abuse of Play's search function.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Tags: symantec, security, mobile

Lower costs help NZ pip Australia for F5 Networks support centre

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Enterprise Security for Endpoints

Think your endpoints are secure? Think again. Learn why Trend Micro can help.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.