Browse archive

Latest news

Microsoft to pay up to 150k for vulnerabilities

(IN)SECURE Magazine issue 38 released

Collected data helped foil 50 terrorist plots, says NSA chief

65+ websites compromised to deliver malvertising

Customized spam uses cell phone users’ data against them

Facebook once again accessible via Tor

Oracle releases critical security updates for Java

Employees biggest IT threat to businesses

Google asks secret court permission to publish FISA numbers

Failed backups endanger revenue and productivity

How to detect hidden administrator apps on Android

CyanogenMod founder aims to thwart data-grabbing apps

Hacking charge stations for electric cars

Fake mobile AV apps offered on Google Play

Posted on 10.05.2012

Downloading apps from Google Play, the official online Android app market, is not without its dangers.

Even though Google has been scanning the offered apps for malware by using "Bouncer" - an automated app scanning service that should, in theory, detect malicious software and developers who keep offering it - there are still instances where they aren't booted out of the market soon enough.

Security researchers from AegisLab have recently discovered over 15 fake AV and "free SMS" apps being offered by the same developer ("thasnimola") that has been flagged for selling fake NQ Mobile apps in April.

According to them, the developer uses the Appsgeyser webkit to automatically generate fake apps, and he continues offering them on Google Play.

When users try to download the app, they are redirected to the developers' "official" site, and the researchers are still not clear on whether the offered apps are malicious, or just a way of luring users to this particular site.

The apps may be free of charge and simply not work as advertised, but the are still bad news as users who have installed them might believe they are protected when they are not.