Fake, malicious World Cup-themed apps targeting Android users, finds Trend Micro

The 2014 FIFA World Cup in Brazil has begun, and Trend Micro researchers have pointed out yet another thing that fans need to be careful about: fake and malicious versions of World Cup-themed apps.

Trend Micro warned earlier that app repackaging, a growing underground economy, and toolkit availability pushed the count of mobile malware and high-risk apps to 2 million in the first quarter of 2014.

Mobile users should be aware that cyber crooks have taken to cloning popular apps and adding to them malicious routines that subscribe users to premium services, leak user-critical information, and install malicious links and shortcuts on the mobile device home screen.

App Fakery

One of the malware families detected is the ANDROIDOS_OPFAKE.CTD family. This family first appeared in May 2013, passing itself off as clones of popular apps. Its malicious routines include subscribing the user to premium services, leaking user-critical information (such as the contact list and messages), and installing malicious links and shortcuts on the mobile device home screen. In just one year, the number of detected ANDROIDOS_OPFAKE.CTD variants reached 100,000, faking 14,707 apps.

We also discovered that the remote server the apps connect to has 66 different domains, with each domain spoofing famous websites like MtGox.com.

SMS filtering and theft

Another malware family we detected leveraging World Cup fever is the ANDROIDOS_SMSSTEALER.HBT family. Variants of this family share similar methods of fraud and fakery with OPFAKE, with one exception: they can connect to their remote C&C server to receive and execute commands, including adding an SMS filter (to block or conceal certain incoming messages), sending SMS messages, and installing new malware.

Premium Service Abuse

We also found that the Trojan mentioned in our previous blog is part of the cybercriminals’ World Cup arsenal, with a new variant we detect as ANDROIDOS_OPFAKE.HTG. It is a typical Premium Service Abuser: affected users find themselves charged exorbitant fees for premium services that they never purchased.

Slot Game Swindling

Finally, we found a malicious World Cup slot game app that we detect as ANDROIDOS_MASNU.HNT. Its malicious routines include filtering user payment confirmation messages, so that users may not notice the real amount of money they’ve been paying when playing this game, and thus spend more without restraint.

Trend Micro has already found more than 375 questionable or outright malicious World Cup-themed apps, and more are sure to be offered while the sporting madness continues.

“The vast majority of these apps lurk in third-party app stores, so users are advised to avoid them altogether or to be extra careful when reviewing apps they want to install from them. Installing a mobile security solution is also a good idea,” said Dhanya Thakkar, Managing Director, India & SEA, Trend Micro.
