Lucian Constantin
CSO Senior Writer

Spammers impersonate well-known developers to publish rogue apps on Android Market

Feb 8, 2012 · 2 mins

The spammers are using font tricks to deceive Android Market users into trusting rogue app developers

Spammers are impersonating well-known Android software developers in order to distribute rogue apps through the official Android Market.

Security researchers from antivirus firm Trend Micro have identified a developer named Rovio MobiIe Ltd. in the Android Market, which had a significant number of rogue applications in its portfolio.


Some users might immediately recognize Rovio Mobile as the name of the company behind one of the world’s most popular mobile games, “Angry Birds.”

However, in this case, the letter “l” from the original developer’s name was replaced with a capital “i,” which has a nearly identical visual representation under some fonts.

The apps distributed by Rovio MobiIe, with the capital “I”, through the Android Market were fake copies of legitimate applications that directed users to spam websites.
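A store-side check can catch the letter swap described above by folding look-alike characters together before comparing a new developer name with established ones. The following is an added example, not code from Trend Micro or Google; the confusables table, the function names and the list of known developers are assumptions made for illustration.

```python
import unicodedata
from typing import List, Optional

# Assumed, deliberately small table of look-alike characters. A production
# check would draw on the full Unicode confusables data instead.
CONFUSABLE = str.maketrans({
    "I": "l", "1": "l", "|": "l",   # capital i, digit one, pipe -> lowercase L
    "O": "o", "0": "o",             # capital O, digit zero -> lowercase o
})

def skeleton(name: str) -> str:
    """Fold a display name so visually similar spellings compare equal."""
    name = unicodedata.normalize("NFKC", name)
    # Fold look-alikes before case folding, otherwise "I" would become "i".
    name = name.translate(CONFUSABLE)
    return " ".join(name.casefold().split())

def find_impersonation(candidate: str, known: List[str]) -> Optional[str]:
    """Return the known developer name that `candidate` imitates, or None."""
    cand = skeleton(candidate)
    for name in known:
        # Same skeleton but a different spelling is the suspicious case.
        if candidate != name and cand == skeleton(name):
            return name
    return None

# Constructed sample data based on the names in the article.
KNOWN_DEVELOPERS = ["Rovio Mobile Ltd.", "Example Studio"]
LOOKALIKE = "Rovio Mobi" + "I" + "e Ltd."   # capital i in place of lowercase L

if __name__ == "__main__":
    for submitted in (LOOKALIKE, "Rovio Mobile Ltd.", "Unrelated Games"):
        hit = find_impersonation(submitted, KNOWN_DEVELOPERS)
        print(repr(submitted), "->", "imitates " + repr(hit) if hit else "ok")
```

An exact match with a known name returns `None` here because duplicate registrations are assumed to be rejected by a separate check.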

While these apps are not as dangerous as the premium-rate SMS Trojans distributed from unofficial app stores, they are still malicious in nature and are created to deceive users.

Last week, Google revealed a service called Bouncer, which automatically scans the Android Market for malicious apps. The scanner is capable of executing apps in a virtual environment in order to monitor their behavior, but it doesn’t seem to have caught the rogue ones found by Trend Micro.

This is probably because displaying links and opening Web pages is common behavior for legitimate applications as well. “We expect that more cybercriminals will continue with this method, so it is very important for users to be informed of how they can avoid being victimized,” Trend Micro threats analyst Kervin Alintanahin said in a blog post on Tuesday.

Installing only apps distributed through the Android Market is not enough to ensure one’s protection. Users should also read an application’s reviews and carefully consider its permissions before deciding to install it on their devices.

Lucian Constantin

Lucian Constantin writes about information security, privacy, and data protection for CSO. Before joining CSO in 2019, Lucian was a freelance writer for VICE Motherboard, Security Boulevard, Forbes, and The New Stack. Earlier in his career, he was an information security correspondent for the IDG News Service and information security news editor for Softpedia.

Before he became a journalist, Lucian worked as a system and network administrator. He enjoys attending security conferences and delving into interesting research papers. He lives and works in Romania.

You can reach him at lucian_constantin@foundryco.com or @lconstantin on X. For encrypted email, his PGP key's fingerprint is: 7A66 4901 5CDA 844E 8C6D 04D5 2BB4 6332 FC52 6D42
