Are you looking for the best way to distribute your fake Android apps? The best solution would be to create an entire app store to sell the apps.
This is what the makers of ‘myadroidmaklet.net’ have decided to do. It is a third-party app market that promises over 50 free apps for download, including Angry Birds Rio, Adobe Flash Player, Google Maps, Need for Speed Hot Pursuit, Mozilla Firefox, Opera, World of Goo and even Skype. What you should know is that these are all Trojan apps (malware) in disguise.
According to Microsoft, the underlying Trojan Android app is SMSFakeSky, and the main target of the malware is Russian-speaking users. Microsoft malware analysts noted that it poses as a legitimate application and that, during installation, the Trojan might request permission to run. During installation it requests permission to check the SMS and MMS messages that the user has sent and received, to see the user’s location, to have complete access to the internet, to modify the contents of removable storage, and to access information on all phone calls. After that, it asks again, this time to download other apps, such as Adobe Flash Player, which is also a Trojan app.
For legitimate Android apps, the user is usually prompted to grant Internet access or other access to an app. This is the moment at which a user should pause and actually consider whether the app is legitimate or not. The hackers have decided to use a social engineering attack, in which they trick the user into downloading an app that the user thinks is legitimate. The user ends up granting the permissions while believing that these are genuine Android apps. The fact that the Trojans ask for several permissions is not a red flag, since even genuine apps ask for several permissions.
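One way to triage a manifest against the permissions listed above, as an added example that is not from Microsoft's analysis or the original article. It assumes the APK's manifest has already been decoded to text XML (for example by apktool); the mapping from the article's descriptions to Android permission names, the sample manifest and its package name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping: the article describes capabilities, not permission names.
CAPABILITIES = {
    "read SMS/MMS": {"READ_SMS", "RECEIVE_SMS", "RECEIVE_MMS"},
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "full internet access": {"INTERNET"},
    "modify removable storage": {"WRITE_EXTERNAL_STORAGE"},
    "phone call information": {"READ_PHONE_STATE", "READ_CALL_LOG",
                               "PROCESS_OUTGOING_CALLS"},
}
# Not in the article's list; needed by an app that sends SMS on its own.
SEND_SMS = "SEND_SMS"

# Constructed sample manifest (hypothetical package name).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.player">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the short names of android.permission.* entries requested."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for el in root.iter("uses-permission"):
        name = el.get(ANDROID_NS + "name", "")
        if name.startswith("android.permission."):
            perms.add(name.rsplit(".", 1)[1])
    return perms

def audit(manifest_xml):
    """Report which of the listed capabilities the manifest requests."""
    perms = requested_permissions(manifest_xml)
    matched = {cap: sorted(perms & names)
               for cap, names in CAPABILITIES.items() if perms & names}
    return {"matched": matched,
            "all_listed": len(matched) == len(CAPABILITIES),
            "can_send_sms": SEND_SMS in perms}

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

Because the number of permissions alone says little, the report names the matching capabilities so a reviewer can compare them with what the app claims to be.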
The moment you give SMSFakeSky permission, it starts executing. According to Microsoft, the Trojan displays a progress bar that is not real, so you might think that it is actually downloading an app to your mobile device. When it is done, a URL appears, presented as an agreement, but once the ‘Agree’ button is selected, several SMS messages are sent from your device to premium numbers at your expense.
To hide what the malware is actually doing in the background, it uses cleverly engineered prompts. According to a blog post by Methusela Cebrian Ferrer of the Microsoft Malware Protection Center, the kind of user interface that the Trojan uses is not something that usually raises suspicion. The malicious activity can often build up a lot of charges against the user before they even notice. These charges are the main incentive for the cyber criminals.
In fact, SMSFakeSky is not the first malware that specifically tricks Russian phones into sending messages to a premium-rate SMS number. This usually exhausts the funds in a user’s account, and the attackers are then able to make money through the premium SMS numbers. This has been mainly attributed to the fact that there is no legislation that holds telecommunication providers responsible for the premium numbers that are used for such frauds. In Russia, and by extension most of the Eastern European countries, someone can actually rent a premium number without question. This presents a great challenge, because nobody is able to follow up on the individuals who lease the premium numbers.
According to Daniel Chipiristeanu and Sergey Chernyshev, who are researchers at Microsoft, setting up fake app stores like ‘myadroidmaklet.net’ is not the only scam that we should watch out for. The use of paid archives that contain malware is the newest method. However, it’s not as aggressive as the other methods, since the system is not infected. The way this happens is very simple: they trick users by charging them for apps that are free, or even charge them for pirated copies of genuine paid apps. For the full details of their ‘Research into paid archives’, watch out for the VB2012 conference in Dallas in September 2012. They will also look into the fake archive generation tool as well as ‘how money is earned and distributed by bad guys’.