Slashdot Mirror


Fake Malware-Filled Super Mario Run Apps Take Advantage of Android Absence (silicon.co.uk)

Mickeycaskill writes: Nintendo's Super Mario Run was downloaded more than 40 million times in the first four days it was available. But an Android version has yet to materialize. An official release is on the way, but cybercriminals are taking advantage of this vacuum by spreading malicious apps masquerading as the real thing. The "Android Marcher trojan" appears as a fake landing page advertising the release of the game, where it can be downloaded onto users' devices. It then targets financial and banking apps and can modify your settings and read your contacts. The popularity of Pokemon GO last year saw similar scams emerge as users waited for the game.

34 comments

  1. English!!! by nwaack · · Score: 1

    "Fake Malware-Filled Super Mario Run Apps Take" - my brain just exploded trying to understand the title of this story...

    1. Re:English!!! by Anonymous Coward · · Score: 0

      I'll translate slashdot-ese for you

      "Nintendo is to blame for rash of fake malware apps, not Google, for not releasing their game on the Android platform"

    2. Re: English!!! by Anonymous Coward · · Score: 0

      Android runs fake apps and yet we are to blame Nintendo? Genius shill you are.

      Nintendo sucks, but not for this reason. Nintendo sucks because their games suck.

  2. Run, Android, Run!!! by TheFakeTimCook · · Score: 1, Insightful

    Another day, another piece of Android Malware...

    1. Re:Run, Android, Run!!! by Dutch+Gun · · Score: 2

      ...which you have to side-load to get infected. Sorry, I have a hard time getting worked up about idiots who intentionally disable safeties and then proceed to digitally shoot themselves in the foot.

      --
      Irony: Agile development has too much inertia to be abandoned now.
    2. Re:Run, Android, Run!!! by Karlt1 · · Score: 2

      It's kind of funny that Android users say that the great thing about Android is that you're not stuck with just one manufacturer and one App Store but if you want security updates and not get infected by malware you're stuck with one manufacturer (Google) and one app store (Google Play).

      But on the other hand, Android is based on Linux, why shouldn't you be able to download apps from anywhere and the OS be able to sandbox it?

    3. Re:Run, Android, Run!!! by Anonymous Coward · · Score: 0

      It's kind of funny that Android users say that the great thing about Android is that you're not stuck with just one manufacturer and one App Store but if you want security updates and not get infected by malware you're stuck with one manufacturer (Google) and one app store (Google Play).

      But on the other hand, Android is based on Linux, why shouldn't you be able to download apps from anywhere and the OS be able to sandbox it?

      I currently can access three different App stores without sideloading or disabling protections. And security updates is a completely different issue that has nothing at all to do with sideloading, since you don't have to root/crack your OS or install custom ROMs to do it like you do with an Apple product.

    4. Re:Run, Android, Run!!! by Anonymous Coward · · Score: 0

      Stupid, idiotic, ignorant asshole. That's what you are. You think the Google Play store is the default app store on all devices worldwide? Wrong. You think that everyone has access to the Google Play store? Wrong again. Go fuck yourself.

    5. Re:Run, Android, Run!!! by hairyfeet · · Score: 3, Interesting

      Hell, it's been the same with Windows for years, if you have a decent AV and let the OS and programs auto-update? You really don't have anything to worry about. Now all the infections I see at the shop are all social engineering, stuff like "You want teh hot sluts for free? Just run "Iz_Not_Viruz_Iz_Chatroom.exe" and talk to hot skanks now!" or the ever classic Facebook chat bug, where someone they know pops up a "Hey you have got to see this, just open "Iz_Not_Page_Of_Malware_Iz_Pupies.html" this is soooo adorable!"....sigh.

      The sad part is unless you do like Chromebooks and just take away the rights of the user? There is really nothing an OS can do against the dancing bunny problem because you have the user actively working against the security because they want to see the bunny. I have got to see this firsthand, the only person I have ever thrown out of my shop was a customer that wanted to buy a desktop and install Limewire on it. I told him "Look Limewire doesn't exist, it was shut down by the FBI years ago, if you want a P2P program I can install one but there is no more Limewire" and told him that any copies he found of Limewire online would be malware....so what does he do? Takes his brand new PC home, uninstalls the AV when it tries to stop him and promptly installs malware that has a Limewire icon and then expects me to clean it for free! When I threw him out of the shop he was screaming "It says right there it's Limewire, you make it work!"....nothing any OS can do if the user is working for the bad guys.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    6. Re:Run, Android, Run!!! by Dutch+Gun · · Score: 1

      Never underestimate the ability of a fool to retain his ignorance.

      --
      Irony: Agile development has too much inertia to be abandoned now.
    7. Re:Run, Android, Run!!! by Anonymous Coward · · Score: 0

      LOL, are you being serious right now? Any *good* hack/trojan is NOT going to be detected by your AV. AVs can scan for what they know, and even maybe some heuristics, but telling people they are "safe" just by having Antivirus is horrible advice.
      Don't let your false sense of security lead you to believe that you're "immune"; and for what it's worth, assuming you're behind a router/NAT, anything that gets in, is because (knowingly or unknowingly) you let it in.
      The viruses your AV will pick up are common ones, more times than not just script kiddies. If you think your AV is going to keep out someone who really knows what they're doing, for example a state sponsored "hacker", think again. For every known 0day exploit exist just as many unknown.
      Have to agree that AV is mostly a waste of CPU cycles/resources, if it makes you feel good, fine, just don't let the false sense of security lead you to believe you're "protected" from all threats.

    8. Re:Run, Android, Run!!! by TheFakeTimCook · · Score: 1

      It's kind of funny that Android users say that the great thing about Android is that you're not stuck with just one manufacturer and one App Store but if you want security updates and not get infected by malware you're stuck with one manufacturer (Google) and one app store (Google Play).

      But on the other hand, Android is based on Linux, why shouldn't you be able to download apps from anywhere and the OS be able to sandbox it?

      I currently can access three different App stores without sideloading or disabling protections. And security updates is a completely different issue that has nothing at all to do with sideloading, since you don't have to root/crack your OS or install custom ROMs to do it like you do with an Apple product.

      WRONG! Please try to keep up!

      I don't know how many times I have to repeat this: Apple has actually ALLOWED "Side-Loading" on iOS WITHOUT JAILBREAKING since iOS 8.

      Here's how you do it.

      And you don't even have to use XCode (and from Windows and Linux computers). Just use the handy Cydia Impactor.

      And here's a list of F/OSS iOS Apps on github that can be Sideloaded.

      And here's an example of a NON F/OSS App that can be Sideloaded with Impactor.

  3. Simple... by wbr1 · · Score: 2
    Allow apps from unknown sources = NO

    This is the default on most devices (except cheap Chinese stuff with backdoors)

    The only reason it should be on is if you are a developer, or smart enough to use an alternative app store that may not be safe. Others use it to get hacked versions of games/apps and whatever herpes comes with that.

    --
    Silence is a state of mime.
    1. Re:Simple... by Luthair · · Score: 1

      It's not that simple; in all the app stores there are scum trying to trick people into installing their applications. Search for popular applications and you'll see programs with similar icons and names because they're "guides" etc.

    2. Re:Simple... by GuB-42 · · Score: 1

      Sure but these are not malware. These are, I think, legitimate guides.
      They are an excuse for bombarding you with ads but it is not forbidden by the Play Store rules and while annoying, they most likely won't do much harm.
      By comparison, the apps mentioned in the article are trojans stealing CC numbers, and just by the way they work, they break several rules of the Play Store and probably wouldn't even pass Google's automatic defenses.

    3. Re:Simple... by tlhIngan · · Score: 1

      Allow apps from unknown sources = NO

      This is the default on most devices (except cheap Chinese stuff with backdoors)

      The only reason it should be on is if you are a developer, or smart enough to use an alternative app store that may not be safe. Others use it to get hacked versions of games/apps and whatever herpes comes with that.

      And negate one of the biggest advantages of Android over iOS.

      The problem is Android doesn't allow finer control of that. Because if you want to use Amazon's app store, F-Droid or Humble Bundle apps, you have to allow unknown sources.

      There's no way to open it for those trustable app stores and disallow it for other app stores.

    4. Re:Simple... by markdavis · · Score: 1

      >"There's no way to open it for those trustable app stores and disallow it for other app stores."

      Sure there is, it is called self-control! "Regular" people shouldn't be adding third party repos any more than just downloading random apps from off the web and installing them. And those who do enable outside sources should know the difference between potential malware and not. Although I agree it would be nice to have more options and settings, including ones that would help in this case.

    5. Re:Simple... by Luthair · · Score: 1

      I'm not sure of the current state of things, but there has been malware in the stores in the past.

    6. Re:Simple... by thegarbz · · Score: 1

      And when you click on an APK Android helpfully takes you directly to the settings page where you can change that niggling little security feature that's getting in your way.

      UAC didn't fix Windows, why should this fix Android?

  4. Stupid hidden apps by rar · · Score: 4, Insightful

    One reason this type of scam works well (though it is not specifically relevant to the Super Mario case since it is not yet released for Android at all) is the horrendous practice to completely hide apps not available in your region / compatible with your device. This makes any similarly named app show up as the "only option", and will easily fool people.

    You know what, Google? If I am looking for an app, I'd rather you show me that it exists but cannot be installed, rather than have me dig through tons of search results in vain.

    1. Re:Stupid hidden apps by s.petry · · Score: 2

      The vendor is to blame for this much more than Google. They could have set up a landing page which said not available yet, and even given a release date. That said, I'm not big on blaming the vendor for this type of thing either. People will download and install things without doing any validation and/or testing, and it happens all the time.

      Should we have constant PSAs on TV, Radio, YouTube, etc.? Or perhaps consider the wisdom of Bill Engvall "You can't fix stupid!"

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    2. Re:Stupid hidden apps by Anonymous Coward · · Score: 0

      You know what, Google? If I am looking for an app, I'd rather you show me that it exists but cannot be installed, rather than have me dig through tons of search results in vain.

      They do that, if the vendor has published an app entry.

    3. Re:Stupid hidden apps by Anonymous Coward · · Score: 0

      I don't think this is correct. Could you provide an example?

    4. Re:Stupid hidden apps by thegarbz · · Score: 1

      Why should the vendor create landing pages in the Play Store? Hell I'm not sure they can. This is definitely the fault of Google's design.

  5. Fake everything by Anonymous Coward · · Score: 0

    Holy shit, malware is even fake now.

  6. Walled gardens... by Anonymous Coward · · Score: 0

    We need more walled gardens. The space between the walled gardens is starting to resemble Mad Max.

  7. Of course... by Fire_Wraith · · Score: 3, Funny

    "Thank you for downloading me, Mario, but your Princess is in another download at malware.cybercrime.su."

  8. Just sell it by Impy+the+Impiuos+Imp · · Score: 1

    This sounds like an idiot super villain who invents robots, and, instead of selling them for billions, uses them to rob a bank instead.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  9. No sandboxing? by Anonymous Coward · · Score: 0

    I don't know the Android OS at all, but in iOS apps are, for the most part, sandboxed, and could not access other apps unless you had some kind of explicit bridge. I am trying to wrap my mind around how Android could allow malware to basically rape other apps. It might as well be Windows 95.

  10. The fix is simple by Anonymous Coward · · Score: 0

    Buy an iPhone.

  11. Isn't Android really Linux by Anonymous Coward · · Score: 0

    Malware on Linux?
    I'm shocked! How could you get malware on Linux, you only get malware on Windows.
    Trump should get Putin/Wikileaks to look into this...

  12. Shooting the wrong horse by Anonymous Coward · · Score: 0

    This is shooting the wrong horse.

    Android uses the Linux Kernel. It is not "itself" a real Linux distribution because you can't download the source to every part and compile it yourself. What people typically have as "unlocked/rooted Android phones" are CyanogenMod, not Android. Sure it runs Android, but "Android(TM)" is Google's operating system that uses a Linux Kernel. CyanogenMod, likewise is not a real Linux distribution either.

    They qualify as Linux as far as being able to run non-UI services, but the GUI system is rubbish on Android and its clones, and cannot run any desktop Linux software. People have pretty much shown that they care more about bells and whistles, and don't care for heavy or small devices, they want large screens, tiny batteries, and useless front-facing cameras. A "real" hackable Linux smartphone has been tried multiple times, nobody buys them, because nerds underestimate the kind of flexibility that people want in a phone. What people really want is a device they can throw away every 12 months, and really don't care about the environment. Ironically Nerds do, because they want that hack-ability and re-usability. So when a Linux-kernel phone reaches the end of its life (at 18 months) they can just install their own cyanogenmod or something else and tell the original manufacturer to go f themselves and not buy a new phone for several years.

    The only reason people "root" their devices is to install and run pirate software. That is it. Forget the casual excuses about "homebrew" or using it as a devkit. So very little "homebrew" exists for any device that has been unlocked that it's become something of a running joke among piracy communities. Sure "copyright law" may allow for this, but that is not what it was designed for. Copyright law was designed to prevent someone from transcribing a song or book and then reselling it as if they created it. Technology has moved so far and fast from that that the majority of copyright law really needs a do-over whereby:

    a) If a product is no longer manufactured, in 10 years, people may clone the product as long as their unique branding is applied with no assertion of compatibility with the brand (eg a "Nintendo" clone becomes "8-bit game arcade".) 50 years after the original product is released, anyone may produce a compatible product incorporating the original brand name (eg "Nintendo-compatible 8-bit game arcade.")

    b) If a production (eg music, comics, movies, software) is no longer available to purchase new (eg license has expired, hardware no longer produced,) then anyone who owns an original may make a digital copy (by any means) after 10 years as long as no financial instrument has been exchanged for the copy. 50 years, anyone may make a copy, remaster or remix the production as long as the original source is not obscured or erased, and may treat it as a new product under copyright protection. If two independent people remix the source material, they can not lay a copyright infringement case against each other since the source material has become public domain.

    c) Compilations shall be permitted once a title/production is no longer in print as long as the original bitstream is unaltered and unedited. eg one may not produce a "mp3" compilation for sale from a lossy AAC or MP3 compilation. This is to ensure that original (typically live) performances are not undermined by "bootlegs" of the same performance taken with low quality equipment. So video games may not be "ripped/repacked" they must be disc/download images, movies may not be repacked, and audio performances may not be lossy repacked.