Fake and malicious Android apps have become an industry unto themselves in the last couple of years, as attackers have sought to capitalize on the massive market share that the mobile OS enjoys worldwide. It’s a safe bet that any popular new app will attract a malicious copycat version, and researchers have found that the latest app on this list is Angry Birds Star Wars.
Fake or Trojaned versions of Angry Birds have been around since the insanely popular game first launched, and the Star Wars-themed version, which came out earlier this year, is no exception. Researchers at GFI Labs have come across a version of Angry Birds Star Wars that sends out premium SMS messages, racking up serious charges on the user’s bill without her knowledge. Oddly, unlike many other such fakes or Trojaned apps, after sending out the costly SMS messages, the app eventually installs a valid version of the Angry Birds game.
“As with so many similar fakeouts, Android owners must download the app from the website then install it on their phone (downloading with anything other than your mobile device – say, a web browser – offers up a .jar file instead). It’s almost like leaving the “Allow installation of non-Market applications” option on your Android unchecked is a good idea!” Chris Boyd of GFI Labs wrote in an analysis of the malware.
“This one acts like a typical Boxer Android file, sending premium SMS messages before downloading a valid version of the software. All in all, a rather costly mistake given you could pay the one time fee for the legitimate Google Play download and Angry Bird yourself into a (non-scammed) frenzy instead.”
The game is delivered from a dedicated Web site the scammers have put up on a Russian domain.
As Boyd suggests, one of the easier ways to avoid installing malicious apps or those that take unwanted actions on your device is to only download apps from the official app store for your device. For Android users, this means sticking to the Google Play market. There have been incidents in which malicious apps or proof-of-concept apps inserted by researchers have been found in the Google Play market, but Google has created a couple of protective measures to prevent such attacks in the last year or so. The company in February announced a new system called Bouncer that scans apps for malware before they’re allowed into Google Play.
