Users looking for “cracked” Android files are in danger of running into a site that is peddling apps that are more or less a ploy to garner advertising clicks from unsuspecting users. The site, getwapi.com, boasts a collection of free, yet crooked looking downloads for Android phones including audio apps, Java apps, wallpapers, games and more.
Naturally there’s a twist. After being downloaded and installed, each app installs the same executable “dex file” — the file that would normally carry the application’s program files, according to research from GFI Labs. After the installation, there is no program, instead a Leadbolt advertisement appears. Leadbolt, an Australian mobile adware firm, relies on clicks to make money and regularly bundles adware with Android programs.
In the app the user is asked to wait 170 seconds or “click the advisiting for instantly download.” According to GFI, the fractured grammar is a scam to get users to hurriedly click the advertisement and in turn, earn money for the scammer.
According to the company’s Junior Threat Researcher Randall Griffith, even if a user were to click the ad, they’d still have to wait for the timer to count down. After waiting, users would not be able to download the app they intended and instead, according to Griffith, an error box pops up and the user is sent through the LeadBolt ad.
Even though most phones are programmed to forbid the installation of third party apps, alternative app stores like GetWapi continue to be a thorn in the side of Android security.
Last month Google introduced the Private Channel for Google Play in an attempt to help curb the further installation of potentially malicious applications. Organizations can now control which apps show up in the Private Channel and what can be installed on their employees’ devices. The step is one of the first by the company to help users stave off the installation of dangerous third-party applications and malicious apps that may have slipped past Google Play’s security checkpoint.