Trend Micro’s security engineers have discovered malicious Apps for Android smart phones and tablets featuring the World Cup 2014. As the there is a huge interest being generated in the World Cup 2014 which is being played in Brazil, cyber criminals are using this very interest to create different World Cup 2014 themed malicious Apps targeting Android mobile devices.
Cyber criminals are known to trick users with social engineering techniques into downloading any kind of malicious content and as said above, the World Cup provides a bonanza of sorts to them. According to the security engineers at Trend Micro more than 375 spurious apps are targeting Android users as of today and World Cup 2014 Apps are the latest favourite for cyber criminals. Users generally download these malicious Apps third-party app stores however it has been found the Google Play also sometimes hosts them.
“We found these malicious apps lurking in unauthorized/third party app download stores, just waiting for users to install them on their mobile devices. Upon analysis, we found that the bulk of the malware in question are variants of prevalent mobile malware families,” reports a blog post by Trend Micro.
Trend Micro and other security experts have detected variants of Android trojan OpFake available freely in the wild, in the third-party app stores. Other malicious Apps which concern the security engineers are which were spreading “SMS Stealer” Android malware.
Another malware which is very popular with the cyber criminals is is ANDROIDOS_SMSSTEALER.HBT. This Security analysts found that the the version detected was a very much improved version with remote control capabilities which allows the attackers to execute commands on the victim’s devices, including a block of incoming texts, sending SMS to other numbers, or installing additional malicious applications.
Experts also discovered malicious World Cup Apps with a new variant of malware dubbed ANDROIDOS_OPFAKE.HTG, Premium Service Abuser which when installed make the users sign up for premium services without their knowledge and the users end up paying huge bills for these services.
Another favourite malware is Slot Game Swindling. As explained by the experts at Trend Micro, malicious World Cup slot game apps were detected as ANDROIDOS_MASNU.HNT.
The malicious Apps implement filtering user payment confirmation messages, “so that users may not notice the real amount of money they’ve been paying when playing this game, and thus spend more without restraint.”
“Some football betting apps have also been found leaking information without user notification, as well as blatant security risks in their micropayment process. We advise users to be very careful with their financial and personal information when using these apps (or not to use them at all).” states the blog post.