Slashdot Mirror

← Back to Stories (view on slashdot.org)

500,000 Duped Into Downloading Android Malware Posing As Driving Games On Google Play (forbes.com)

Posted by ryuzaki0 on from the security-woes dept.

Be careful what you're downloading from Google Play. Especially if it's one of 13 apps posing as driving games created by one developer called Luiz Pinto. From a report: More than 560,000 have already been tricked into downloading the games, which include a mix of luxury car and truck simulation apps, as discovered by Android malware researcher Lukas Stefanko. Once installed on a user's Android device, the games don't actually work. Looking at the reviews on Google Play, users who downloaded them complained it was a virus. For instance, among the masses of one-star reviews for the Truck Cargo Simulator, one noted his device slowed down after it forced him to download an app that wasn't the game itself. Many simply called it a scam.

3 of 62 comments (clear)

  1. Re:TFA is ridiculous by NoNonAlphaCharsHere · · Score: 3, Insightful

    People download and install a game(s) that has "masses" of one-star reviews saying "this shit don't work" and "probably a virus" and clearly that's somehow Google's fault. Gotcha.

  2. So far only "reports" and supposition by Zero__Kelvin · · Score: 2

    I don't see any confirmation of the claims being made here. Some user saying it must be malware because his phone slowed way down? Users blame all manner of expected behavior on malware when they don't understand what is going on. Perhaps the games work on the developers system but fail on other phones with different hardware and/or Android versions. Until someone actually analyses it and confirms I will withhold judgement.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  3. Re:It's much worse than that... by Aighearach · · Score: 2

    If you care that much about security, you already were refusing to install apps that ask for more permissions than they absolutely need for their core purpose.

    If you're like the average user and you're willing to say "yes" to letting a random application that isn't a phone dialer or email app access your mobile contacts, you've already agreed to be p0wned.

    You use it, you trust it.

    If you trust stuff you downloaded off the internet, you're already pre-p0wned; your system of using technology not only lacks basic protections, it lacks a willingness to be protected.

    It was always a mistake to trust shit. Stop trusting shit. Malware exists. Server bugs exist. Even when none of the humans making and offering the app did anything with the intention to violate your trust, your systems still got p0wned because you gave out excessive permissions and received the expected results.

    And when it starts looking like "all the apps require inflated permissions," simply switch to f-droid and you'll find reasonable alternatives.