Cybercriminals targeted Android users in Japan with a number of malware-laced Android apps designed to mimic and masquerade as popular games, according to researchers at Symantec.
Symantec said it has detected 29 such applications originating from seven developer accounts. Common coding characteristics in the apps suggest that one party is responsible for all of the applications, the researchers claim.
The malicious apps first surfaced on Google Play in late February. Initially, the content of the apps were random and the campaign was unsuccessful. The campaign picked up steam in late March after those responsible started disguising the apps as popular games, or fake movie trailers for popular games that were being adapted into films. Once installed, the applications request network communication – full Internet access, as well as access to personal information – including reading contact data, and phone calls, phone state and identity.
The number of infected devices is somewhere between 70,000 and 300,000, Symantec reports.
Once installed and opened, the apps connect to a server controlled by the scammers to download and play videos. Meanwhile the names, phone numbers, and email addresses of individuals in the phone’s Contacts are copied to the server.
Symantec believes that the purpose of this attack is to gather and sell email addresses and phone numbers for some future spam or other fraudulent campaign.
Suspiciously, many of the apps display one name on Google Play and another on the device after installation.
All the suspicious apps that Symantec was aware of have since been removed.