14 DAY TRIAL // Disguised as legitimate software, downloaders from third-party Android marketplaces in China lure users into downloading a flurry of apps requesting permissions that could easily lead to financial losses.
About 5,000 such apps have been observed by security researchers, who determined that they were generated automatically as the same package has been observed in all of them.
Closing the download request causes another to pop up
Most of the times, they pose as a game or popular software designed to facilitate different file transfer actions.
One of the packages analyzed by the researchers from Trend Micro is called “com.android.yuyouwall” and functions as a lure for downloading apps presenting a risk to the user.
According to the researchers, a popular third-party Android store in China contains thousands of downloaders. One of them, called Fire Dragon Demon, includes the com.andriod.frames and pretends to be a game; but once installed, it informs the victim that important components need to be added to the system in order to benefit from an improved user experience.
If the victim agrees, “the app displays images of other apps with messages that urge users to click them. Clicking on any of the images will lead to downloading other apps. We noticed that the downloaded apps are not necessarily the sames ones advertised in the images,” Trend Micro says.
Attempting to stop the flood of requests by tapping on the “close” button of an image does nothing but terminate the current offer and cause another one to appear.
Risky permissions are requested
Some of the apps forced on the user include dangerous permissions, such as the ability to send text messages to paid-services. This would suggest that the user is subscribed to premium-rate services, although there is no clear indication of this.
Researchers warn about the danger of using unofficial Android stores as most of the times they are not properly curated and host malicious software.
Apart from premium-rate service scams, users can also be served malware that can spy on phone activity or steal sensitive information from the device. Spamming users with ads is another possible risk.
Users can protect themselves from trouble of this kind by exercising caution when downloading from unknown sources and just trying to get content straight from developers or from official repositories. Having an antivirus installed on the phone is also a good idea.
