Scammers put a bogus Android security patch app in Google Play

Scammers put a fake Android security patch app in Google Play to infect smartphones.

The bogus patch, packaged as an app, was briefly available in Google Play and purported to fix the so-called QuadRooter bugs that were revealed by security firm Check Point last week.

QuadRooter consists of four bugs that affect as many as 900 million Android smartphones with Qualcomm chips inside. Devices could be compromised if users install a malicious app that exploits the bugs. Google has released patches for three of the four bugs, and will provide a patch for the fourth bug in a future update.

But while the fixes are already available for Google’s own Nexus devices, it’s still not known which handsets from Google’s Android partners have received the update, though likely very few have. Sony promised last week to release the patch soon for certain Xperia devices, according to Android Authority.

Perhaps exploiting the uncertainty about which devices will receive the Android security updates, scammers published two Android apps on Google Play that claimed to fix the QuadRooter flaws but instead served unwanted ads.

According to security firm ESET, Google has now pulled the two offending apps from Google Play. Both were called “Fix Patch QuadRooter” and came from the publisher Kiwiapps Ltd.

ESET researchers said it is the first time fake Android security patches have been used to lure potential victims. The same ruse has been employed to infect Windows systems with malware, but on Android a more common cover for spreading malicious apps is to rig bogus versions of popular games.

Lukáš Štefanko, an ESET researcher, is concerned that this technique could set a trend.

“What worries me, for example, is that fake patches – on top of having the potential to really attract users’ attention – have a valid reason to require every possible permission,” noted Štefanko.

“If an app promises to make any fix to your system, it’s a scam,” he added.

Google has stepped up pressure on Android device makers and carriers to deliver the patches it creates more promptly; however, the only devices that are guaranteed to receive Google’s monthly security updates are its own Nexus line.

Devices from other manufacturers, particularly older models, often never receive the patches. This confusion over timing and delivery arguably could prompt concerned Android owners to go in search of a security fix.

Google meanwhile has assured Android users that its Verify Apps feature, which is on by default in Android 4.2 and above, could block malicious apps that attempt to exploit the QuadRooter flaws. However, the only real fix is a patch that contains fixes for all four bugs.


Stories by Liam Tung
