Over 100,000 Download New Rogue Android Apps

Malicious Android apps disguising themselves as popular games titles have made their way onto the official Google Play store, gaining tens of thousands of downloads, a security firm has warned.

Although the rogue apps have now been removed, they were on the official Google store for some time, racking up between at least 100,000 downloads, Symantec found. They appeared to be games titles Super Mario Bros, Mario Kart Racing and GTA 3 – Moscow City, but were actually used to trick users out of money.

The fake Super Mario Bros and GTA 3 apps used a remote payload, which most likely helped them avoid protections on Google Play. Staged remote payloads make it less obvious that something nasty is going on.

Once on users’ phones, the Android.Dropdialer threat hidden in those two apps received an additional package hosted on Dropbox, which was used to send SMS messages to a premium-rate number.

In seeking to hide the real intent of the app, it prompts to uninstall itself after sending out the text, Symantec said.

Mucky Mario Kart

The Android.Fakeapp threat in the rogue Mario Kart Racing application sought to spam users, whilst being able to download other apps created by the spammer. The creator of Android.Fakeapp managed to get around Google Play protections numerous times, before the tech giant removed the dirty software.

“A review of the past activities of the rouge spammer behind Android.Fakeapp shows that since mid-May this is the fifth attempt to push the same app using a new publisher ID every time, resulting in download counts reaching significantly high values in short time spans,” Symantec wrote in a blog post.

“Despite the fact the apps were immediately suspended on Google Play, our telemetry data has shown that the constant feed from the suggestive downloads has resulted in a steady, accumulative user base, or the prolonged effect.”

In response to the findings, Google sent TechWeekEurope this response: “We are committed to providing a secure experience for consumers in Google Play, and in fact our data shows between the first and second halves of 2011, we saw a 40 percent decrease in the number of potentially-malicious downloads from Google Play.

“Last year we also introduced a new service into Google Play that provides automated scanning for potentially malicious software without disrupting the user experience or requiring developers to go through an application approval process. You can read more in our blog post here.

“Additionally, our approach includes clearly defined content policies that developers must adhere to, plus a multi-layered security model based on user permissions and application sandboxing. Applications in violation of our policies are removed from Google Play.”

Android, cyber criminals’ favourite mobile operating system, has been under the security spotlight over the last few months.

One malicious app on a third-party store was seen hitting 100,000 Android users in China this week, whilst a debate is rumbling on over claims a botnet of infected Android phones is being used to send spam.

Are you a security guru? Try our quiz!