Monday, July 9, 2012

Malware Dresses Up as Skype for Android, Racks Up Expensive SMS Bill

If you were looking to download Skype for Android, make sure that you download it from the Google Play store and not some random third-party website.

TrendMicro researchers discovered that cybercriminals have created websites offering fake Skype mobile apps to Android users in an attempt to plant premium-rate SMS malware on their phones.

Thankfully it should be easy to avoid these fake sites as they are hosted on Russian domains (.ru), although the malware posing as Skype apps is downloaded from a Nigerian-based domain (.ne).

Even though the websites advertise different versions of the Skype app for Android, each download link points to the same malicious .JAR file (.APK files are the expected file format for Android apps).

TrendMicro researchers wrote that the .JAR file is a Java MIDlet that poses as an installer of Skype for the Android platform and only executes on older Symbian phones and on Android devices that can run Java MIDlets (a third-party app is necessary to allow Android to run Java MIDlets).

If the malware is successfully executed, the user is shown two messages before ultimately being directed to a URL that fires off SMS messages to premium-rate numbers, generating revenue for the bad guys.
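The mismatch described above (a download advertised for Android that is really a Java MIDlet .JAR rather than an .APK) can be checked from the archive contents alone. The following is an added example, not code from TrendMicro or the original post; the function names are hypothetical and the sample archives are constructed in memory.

```python
import io
import zipfile

# Attributes a MIDlet suite declares in META-INF/MANIFEST.MF (MIDP).
MIDLET_KEYS = ("midlet-name", "midlet-1", "microedition-profile")


def classify_package(data: bytes) -> str:
    """Return 'apk', 'midlet-jar', 'jar', or 'not-zip' for a downloaded file."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-zip"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        # An APK carries a binary AndroidManifest.xml at the archive root.
        if "AndroidManifest.xml" in names:
            return "apk"
        if "META-INF/MANIFEST.MF" in names:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            keys = {line.split(":", 1)[0].strip().lower()
                    for line in manifest.splitlines() if ":" in line}
            if any(k in keys for k in MIDLET_KEYS):
                return "midlet-jar"
        return "jar"


def looks_like_fake_android_app(advertised_platform: str, data: bytes) -> bool:
    """Flag a download offered for Android whose contents are not an APK."""
    return advertised_platform.lower() == "android" and classify_package(data) != "apk"


def build_zip(entries: dict) -> bytes:
    """Build a constructed sample archive in memory (helper for this example)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples (not real malware and not real Skype packages).
SAMPLE_MIDLET = build_zip({
    "META-INF/MANIFEST.MF": "Manifest-Version: 1.0\nMIDlet-Name: Installer\n"
                            "MIDlet-1: Installer, , Main\nMicroEdition-Profile: MIDP-2.0\n",
    "Main.class": b"\xca\xfe\xba\xbe",
})
SAMPLE_APK = build_zip({"AndroidManifest.xml": b"\x03\x00\x08\x00", "classes.dex": b"dex\n035\x00"})

if __name__ == "__main__":
    print(classify_package(SAMPLE_MIDLET), classify_package(SAMPLE_APK))
```

The check relies on archive contents rather than the file extension, so a MIDlet renamed to .apk is still classified as a MIDlet.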

TrendMicro has labeled this malware threat as JAVA_SMSSEND.AB.

Users can steer clear of this threat by downloading apps from the Google Play store or another trusted Android marketplace. Regardless of where you download an Android app from, always make sure you check the number of downloads, user reviews and permissions before clicking that final ‘Download & Install’ button!
