Trend Micro Alerts of Fake Google Play

Android system continue to be targeted by cybercriminals, after changing the name of android market to Google Play as source for the smartphone applications, another malicious campaign have been reported by TrendMicro which uses the domain name but with a small modification to convince victim that it’s a legitimate one.

The fake domain is pointing to other suspicious android applications and by downloading the suspicious file TrendMicro flags it as ANDROIDOS_SMSBOXER.AB. what is interesting at this kind of malwares that it will start to identify victim location and international phone code which means that it have no border even if the domain is a Russian one any person in the globe can be infected, Next it starts to edit text messages and send the message with the malicious link to infect another victim.

Screenshot for the Malicious application source (click to enlarge)

This will make it a very dangerous one as operators have no required protection for such attacks while the only way to be protected is by using security software on Android smartphones with latest update.

If you are looking to reverse Android application you can use Android Reverse Engineering (A.R.E.) system, or for the APT files android-apktool which helps to reverse engineering such applications.

Source: http://blog.trendmicro.com/fake-google-play-site-leads-to-rogue-apk-app/

Share