Google Play has only been recently launched to replace the Android Market and as it turns out, cybercriminals are not wasting any time. Security researchers identified a number of newly created Russian domains that hosted Google Play-lookalike sites that served malicious applications.
Trend Micro experts found that the websites were cleverly designed to mimic the legitimate Google Play site.
Created to target Russian users, the sites promise not only applications and games, but also e-books, movies, “google music” and “world music”.
Once the images from the site are clicked, the unsuspecting user is taken to another suspicious domain that offers Android apps.
These applications hide a piece of malware called ANDROIDOS_SMSBOXER.AB, which signs up Android device owners to a number of paid services.
Similar to ANDROIDOS_OPFAKE.SME, SMSBOXER.AB inserts unnecessary files into the APK to avoid being detected by antivirus software. However, experts say that this polymorphic-like behavior isn’t very effective and security applications can easily detect the malicious files.
“If anything, this attack shows just how quick cybercriminals can adapt to the fast-changing mobile landscape. Users are strongly advised to practice extreme caution when dealing with apps and app stores in general,” Trend Micro Fraud Analyst Karla Agregado wrote.
As many users were aware, Android Market was highly targeted by cyber crooks. Thousands of shady Market sites have been removed throughout the years by security solutions providers and there’s nothing to indicate that the things will be different with the new Google Play.
That is why it’s always recommended to download applications and other content designed for Android phones only from trusted sources.
Also, before installing applications, never forget to take a good look at the permissions they request. A simple game, or an optimizer app shouldn’t ask for the right to access messages or the Internet connection.