Slashdot Mirror


500,000 Duped Into Downloading Android Malware Posing As Driving Games On Google Play (forbes.com)

Be careful what you're downloading from Google Play. Especially if it's one of 13 apps posing as driving games created by one developer called Luiz Pinto. From a report: More than 560,000 have already been tricked into downloading the games, which include a mix of luxury car and truck simulation apps, as discovered by Android malware researcher Lukas Stefanko. Once installed on a user's Android device, the games don't actually work. Looking at the reviews on Google Play, users who downloaded them complained it was a virus. For instance, among the masses of one-star reviews for the Truck Cargo Simulator, one noted his device slowed down after it forced him to download an app that wasn't the game itself. Many simply called it a scam.


  1. obligatory by Anonymous Coward · · Score: 1

    A strange game.
    The only winning move is
    not to play.

    1. Re:obligatory by mermeid007 · · Score: 1

      isn't this due to cross-site AJAX calls being disabled in Javascript and then subdomains didn't cross-link right so people turned it off?

  2. Google Play is malware by themusicgod1 · · Score: 1

    and everything on it. If you can't reproducibly build the apks yourself, and install them without Google, that is 'bad' / 'unhappy' enough to be considered badware/unhappyware/malware.

    --
    GENERATION 26: The first time you see this, copy it into your sig on any forum and add 1 to the generation.
    1. Re:Google Play is malware by farble1670 · · Score: 1

      If you can't reproducibly build the apks yourself, and install them without Google, that is 'bad' / 'unhappy' enough to be considered badware/unhappyware/malware.

      That's up to the developer. If they want to post their source for you to build and install outside of Google Play they can do that. In fact, you can even choose to only install such apps. You can do this today.

    2. Re:Google Play is malware by themusicgod1 · · Score: 1

      Yes, we should choose not to install unsafe software.

      --
      GENERATION 26: The first time you see this, copy it into your sig on any forum and add 1 to the generation.
  3. It's much worse than that... by freak0fnature · · Score: 1

    Take an app like MegaN64 (N64 Emulator), perfectly good app for years. You use it, you trust it. Then one day it auto updates, only the update is infected with malware. Despite the recent poor reviews and warnings, despite reporting it to Google, the app is still available.

    1. Re:It's much worse than that... by CaptainDork · · Score: 1

      The problem you're describing is the fault of Google Play.

      Google warns against side loading, but what's the risk differential?

      Google's walled garden's got cracks in it and can't be trusted.

      --
      It little behooves the best of us to comment on the rest of us.
    2. Re:It's much worse than that... by Aighearach · · Score: 2

      If you care that much about security, you already were refusing to install apps that ask for more permissions than they absolutely need for their core purpose.

      If you're like the average user and you're willing to say "yes" to letting a random application that isn't a phone dialer or email app access your mobile contacts, you've already agreed to be p0wned.

      You use it, you trust it.

      If you trust stuff you downloaded off the internet, you're already pre-p0wned; your system of using technology not only lacks basic protections, it lacks a willingness to be protected.

      It was always a mistake to trust shit. Stop trusting shit. Malware exists. Server bugs exist. Even when none of the humans making and offering the app did anything with the intention to violate your trust, your systems still got p0wned because you gave out excessive permissions and received the expected results.

      And when it starts looking like "all the apps require inflated permissions," simply switch to f-droid and you'll find reasonable alternatives.

    3. Re: It's much worse than that... by TheFakeTimCook · · Score: 1

      Nor can Apple's. How many white hat hackers penetrated the walled garden and got away with it? All of them. Only when they self reported did they get booted.

      Add to that nobody else can reliably scan apps for malware, and you're just asking for it

      You mean like BOTH of them?

      Funny that there haven't been any significant malware incursions in either of Apple's App Stores, whereas there have been literally HUNDREDS OF THOUSANDS in Google Play.

      Somehow, I don't see the equivalence you are trying to foist.

  4. Re:In other news by bobstreo · · Score: 1

    Dog bites man
    Water is wet
    Trump Lies
    The Patriots are cheaters

    FTP (not the ancient file transfer protocol this time)

  5. Re:TFA is ridiculous by NoNonAlphaCharsHere · · Score: 3, Insightful

    People download and install a game(s) that has "masses" of one-star reviews saying "this shit don't work" and "probably a virus" and clearly that's somehow Google's fault. Gotcha.

  6. Re:Google vs Microsoft vs Apple by Anonymous Coward · · Score: 1

    Android is open source, meaning you have a choice of tons of ROMs or to put together your own from AOSP.
    Google Play isn't the only place you can get apps from. Amazon and F-Droid have them too. All of my Android apps come from F-Droid.

  7. So far only "reports" and supposition by Zero__Kelvin · · Score: 2

    I don't see any confirmation of the claims being made here. Some user saying it must be malware because his phone slowed way down? Users blame all manner of expected behavior on malware when they don't understand what is going on. Perhaps the games work on the developer's system but fail on other phones with different hardware and/or Android versions. Until someone actually analyses it and confirms I will withhold judgement.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    1. Re:So far only "reports" and supposition by Aighearach · · Score: 1

      OTOH, I'm not convinced either.

      OTOH, I'm going to keep using fdroid for most apps, and not installing anything that wants more permissions than it needs.

  8. Re:TFA is ridiculous by DontBeAMoran · · Score: 1

    Maybe it is partly Google's fault. How long did it take for them to react and remove the offending applications?

    --
    #DeleteFacebook
  9. Luiz is a Prick ? by nukenerd · · Score: 1

    one developer called Luiz Pinto

    Isn't "Pinto" Portuguese for a dick ?

    1. Re:Luiz is a Prick ? by FunkSoulBrother · · Score: 1

      I mean, "Johnson" is English for a dick and millions of people have the last name. What's your point?

    2. Re:Luiz is a Prick ? by nukenerd · · Score: 1

      My point is that this guy might be having a laugh at his victims with his name.

  10. Worked for me by Tablizer · · Score: 1

    Whaddya mean it's fake? I went for a nice simulated drive with a Nigerian Prince in the countryside.

  11. Re: In other news by bobstreo · · Score: 1

    It's so old news, you forget we've always been at war with Finland over their forest raking.

    Only socialists and communists rake their forests.

    It's like not letting people pump their own gas, creating so many jobs in NJ and Oregon.

    In other Rake News...

  12. Re:Google vs Microsoft vs Apple by Aighearach · · Score: 1

    That's merely a steaming pile of No True Scotsman.

    If you don't have the google services, it is still Android.

    Maybe you just don't know what the words mean?

  13. Re:TFA is ridiculous by farble1670 · · Score: 1

    Google could do better to protect users on Google Play, Stefanko added. "Many times it would be simply enough to scan apps with anti-virus software before uploading them on to Google Play," he said. Given Google owns an organization that could do just that, Virus Total, that shouldn't be too much of an ask.

    From reading TFA, it sounds like the apps were shells with no real content (or malware), then attempted to download and install malware via "unknown sources", for users that had that enabled. In other words, the game wasn't really detectable malware, it just wasn't a game, and attempted to exploit users that ignored all of the security warnings telling them not to install from untrusted sources.

    This is why the Fortnite installer was such a big deal. It forced users to allow install from unknown sources. How many people did that without knowing the holes, like this, that it opened up?

  14. Re:TFA is ridiculous by TheFakeTimCook · · Score: 1

    It is that people keep coming up with dodges that evade the scanning and then the scanning engines have to get updated to deal with the new malware. This is just another instance of that.

    That's funny!

    Unscrupulous Developers try that stuff constantly with the iOS and Mac App Stores, too.

    But the difference between them and Google Play, is that with the Apple App Stores, I can count the successful "dodges" on just a few fingers.

  15. Re:Google vs Microsoft vs Apple by sexconker · · Score: 1

    If you don't have the google services, it is still Android.

    Wrong. Look at how Google licenses and brands Android. Look at what OEMs are forced to agree to if they want to advertise their device as an Android device. Look at what they have to agree to to get access to the latest builds of Android.

  16. The difference by SuperKendall · · Score: 1

    Nor can Apple's. How many white hat hackers penetrated the walled garden and got away with it? All of them.

    I would not say all, because you cannot know how many attempts were stopped at review stage.

    Furthermore, there have been a number of instances where something with a problem did make it through, but Apple withdrew it. Those were not "self-reported".

    But on top of that iOS has long been simply a better environment to accidentally download a malicious app into... for what harm could it do? It was going to have to access your permission for anything interesting (and this is the important bit) AT TIME OF ACCESS, not in a blob up front as Android did for so long (I think they have sort of fixed that recently).

    A rogue iOS app isn't going to be able to make or monitor calls or texts without you manually helping it. There are whole classes of malware that simply never have and cannot exist on iOS that work just fine on Android.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  17. Re:TFA is ridiculous by khchung · · Score: 1

    People download and install a game(s) that has "masses" of one-star reviews saying "this shit don't work" and "probably a virus" and clearly that's somehow Google's fault. Gotcha.

    And how do you think those "masses" of one-star reviews got posted, if not for "masses" of people downloading and installing it in the first place?

    --
    Oliver.
  18. Re:TFA is ridiculous by Waccoon · · Score: 1

    Walled gardens are great because they protect you from malware. It's good for you!

    Wait, you got malware? It's your own damn fault!

  19. Re:TFA is ridiculous by farble1670 · · Score: 1

    3. The user assumed that because the first app came from said Authority, and had said Authority's blessing, that anything subsequent apps did was "safe" and "approved" as well.

    For the trojan to get installed the user had to explicitly bypass security settings and ignore many security warnings. So your claim is that in spite of the authority telling the user to explicitly not do something, they did it anyway, and that's the authority's fault. Well I am sorry, but that's not how reality works.