Fake apps markets for Android devices are the latest means of tricking mobile and tablet users using the operating system into downloading malware highlighting the need to be careful about the source of the apps you download. A new one is already behind the theft of up to half a million pieces of personal information from unwitting consumers … only two weeks after it was launched by cybercriminals.
Researchers at internet security company Symantec discovered Android.Exprespam at the beginning of this year, distributed through a fake market called Android Express’s Play. The store has been highly successful, attracting over 3,000 visits in just the week commencing 13 January. The store has every appearance of being authentic, but the malware that it distributes steals approximately 150 items of information per device that it infects.
Symantec's Joji Hamada has been following the malware closely: “The scam has only been around for about two weeks so I am sure that this is just the beginning for the scammers and the amount of personal data collected will increase exponentially."
Android Express’s Play is the second iteration of the fake store (the first version was called Gcogle Play). Yet another domain registered by the creators of Exprespam and another version of the fake market is being prepared for launch, according to Symantec. It appears to be under construction or on standby, with a new malware variant already being hosted on the site.
Cybercriminals are are constantly devising new ways of perpetrating scams, making user vigilance essential. Hamada continued “These updates will not end until the scammers either are caught by the authorities and punished or cease scamming people, which is unlikely to happen anytime soon."
In 2011, Lookout Security uncovered an Android Market lookalike portal that hosts a range of highly attractive but infected apps for the Google smartphone platform.