Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

Don’t Play Around with Google Play. Fake Smartphone App Has Direct Line to Cybercriminals.

By ThreatMetrix

If it looks like a duck, walks like a duck and quacks like a duck, it’s a duck, right? Maybe. Of course, it could always be a decoy. Which is what the icon disguised as the Android app, Google Play, is.

Suzanne Choney writes that the Google Play decoy is in actuality a Trojan known as Android DDoS.1. Once on a smartphone, the fake Google Play sends a user’s phone number to cybercriminals who can then use it to send text messages or launch a Distributed Denial of Service (DDoS) attack.

Doctor Web, a Russian security firm, observes, “It is not quite clear yet how the Trojan spreads, but most probably criminals employ social engineering tricks and disguise the malware as a legitimate application from Google.”

Once installed, Android DDoS.1 creates an app icon that passes for Google Play’s. Offers Doctor Web, “If the user decides to use the fake icon to access Google Play, the original application will be launched, which significantly reduces the risk of any suspicion.”

Doctor Web adds that Android DDoS.1 “can lower performance of the infected handset and affect the well-being of its owner, as access to the Internet and SMS are chargeable services. Should the device send messages to premium numbers, malicious activities will cost the user even more.”

Security firm Kaspersky notes, “Cybercriminals love to offer their infected programs directly through the Google Play applications store … The first case of this was reported back in March 2011, and since then malware has appeared regularly in this online store. A combination of insufficient analysis of the apps on Google Play and customers’ continuing confidence in it as a safe source of software, means malware can survive there for days — sometimes weeks — infecting many devices.”

In her piece, Choney says that one way to know whether your icon is genuine or a wolf in sheep’s clothing (Hey, you start with an animal metaphor, you end with an animal metaphor. After all, what’s a META-for?) is checking with the Federal Trade Commission.

The FTC, writes Choney, “posted a free Smartphone Security Checker for users of Android, as well as Apple’s iOS, BlackBerry and Windows phones. This online tool takes consumers through a 10-step security checklist tailored to their smartphone’s operating system. Even though it does not place malware protection software on your phone, it’s a good place to start.”
