Scammers are using the super-popular Temple Run game for iOS as bait to lure Android users into installing a phony version of the game on their phones. The incident comes amid reports of an explosion in traffic to mobile Web pages and application stores.
Researchers at Trend Micro wrote on Monday that a copy of Temple Run downloaded from Google’s Android Market was a phony that, once installed, creates shortcuts on an infected Android phone’s desktop, displays adds using the phone’s mobile notification feature and prompts the user to share the fake application to his or her Facebook friends.
Alas, victims never get to actually play the popular (and fun!) running game on their phone, because game publisher Imangi Studios is still working on a version for the Android platform. Instead, victims are presented with a “countdown” to the official release and a promise to notify the user once its available.
Trend Micro reported the phony application to Google, which has since removed it from the App Market. Imangi Studios posted a note on the official Facebook page for Temple Run that it doesn’t yet have a release date for an Android version of Temple Run, but that “anything on Android claiming to be Temple Run is a SCAM.”
The report comes amid multiple reports of skyrocketing smartphone adoption and use of online mobile application stores. The number of smartphone users in China grew by 870% in the first 10 months of 2011, while ABI Research predicts that annual downloads for the Android platform wil reach 58 billion by 2016, with downloads for iPhone at 27 billion.
Mobile malware has been enjoying similar growth. Malware for Android increased 472 percent in 2011, according to data from Juniper Networks.
Malicious applications are nothing new for the Android Market. In March, the DroidDream malware spread over the Market by posing as popular applications, including Super Guitar Solo, Falling Down, Super History Eraser. That malware was downloaded tens of thousands of times by Android users searching for the legitimate versions of those applications, and in subsequent DroidDream outbreaks.
In other incidents, Google suspended a number of suspicious applications from the Market in June after a report that some applications were infected wtih the Plankton spyware. Then, in July, rsearchers at Fortinet claimed to have found the first variant of the Zeus banking Trojan that was outfitted to run on the Android platform.
On February 2, Google announced a new automated scanning service, dubbed “Bouncer” That will scan the Market for potentially malicious software. Google said the service, which has been quietly been tested has already decreased the number of potentially malicious applications on the Market by 40%.