Recent News - ESET Discovered Bogus Apps at Google Play Which Promise New Followers


2016-07-18

These apps – detected by ESET as Android/Fasurke – were available on the Google Play store for over four months. Despite receiving a considerable number of negative reviews, they reached hundreds of thousands of downloads. Upon ESET’s notification, the Android security team removed all the apps from the store.  
 
“Even though the apps no longer pose a risk for Android users, it’s still worth disclosing exactly how they worked, as sooner or later, similar malicious apps may appear on Google Play store again,” said ESET Security Researcher Lukáš Štefanko, who discovered the malicious apps. 
 
In the most common scenario, the app required users to enter their personal information and select the amount of followers they wanted to gain. However, after pressing the button “Start Generating”, the user was presented with a so called human verification step. 
 
However, this was only a cover up used to draw users into endless offerings of gifts, coupons and free services, as well as requests for personal information such as name, email, address, telephone, date of birth and gender. They were also asked to provide consent to receive telesales calls and text messages, some of which were premium-rated SMS subscriptions costing the victim approximately 4.8 EUR per week. 
 
“The only purpose of all those surveys, ads, offers, rewards, wining prizes, gift coupons and other cheap marketing tricks is to milk as much information and money from the follower-hungry users as possible,” warns Lukáš Štefanko. 
 
 
In order to keep safe from bogus and other harmful apps, Android users should follow security best practices recommended by ESET experts: 
 
  • If possible, stick with Google Play or other reputable app store. These markets might not be completely free from malicious apps but you have a fair chance of avoiding them. 
  • Prior to installing any app, check its ratings and reviews. Focus on the negative ones, as they often come from legitimate users while positive feedback may be crafted by the attackers. 
  • Facing sensational offers, keep in mind the golden rule "If it seems too good to be true, it probably is". 
  • If they offer you half a million of followers for free, with a single click - or after completing a survey - they will probably not be able to deliver.
  • Think twice when entering your personal information, giving consent to something or ordering goods or services. Be sure absolutely sure about what you receive in exchange. 
  • Invest a small amount of effort in getting know who you are about to do business with. 
  • Use a quality mobile security solution; it’s crucial to protect all your devices so you might wish to use a multi-device security pack
 
More information about these bogus apps can be found in Lukáš Štefanko’s article on ESET’s official IT security blog, WeLiveSecurity.com.


   

About ESET
ESET®, the pioneer of proactive protection and the maker of the award-winning ESET NOD32® technology, is a global provider of security solutions for businesses and consumers. For over 26 years, the Company continues to lead the industry in proactive threat detection. By obtaining the 80th VB100 award in June 2013, ESET NOD32 technology holds the record number of Virus Bulletin "VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. In addition, ESET NOD32 technology holds the longest consecutive string of the VB100 awards of any AV vendor. ESET has also received a number of accolades from AV-Comparatives, AV-TEST and other testing organisations and reviews. ESET NOD32® Antivirus, ESET Smart Security®, ESET Cyber Security® (solution for Mac), ESET® Mobile Security and IT Security for Business are trusted by millions of global users and are among the most recommended security solutions in the world.

ESET recently updated its two-factor authentication (2FA) application, adding a secure validation to weak and static user passwords. This updated version of ESET’s 2FA application provides flexibility and deeper integration of 2FA into bespoke applications, making it the best cost-effective solutions for SMBs everywhere.

The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Jena (Germany), Prague (Czech Republic) and Sao Paulo (Brazil). ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia) and an extensive partner network for more than 180 countries. For more information visit http://eset.version-2.sg/ or follow us on Facebook.

 

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. Headquartered in Hong Kong, the Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Version 2 Limited.
For more information, please visit www.version-2.com.sg or call (65) 6296-4268.

 

Previous News Next News

Return to the previous page