F-Secure researchers have recently spotted ads for such a market beings served on an Android-related site, and having followed it, they discovered that it hosts a number of malicious sites that push bogus/malicious apps. One of those poses as a "Phone Optimizer" app that supposedly reveals hidden functions.
"The idea is that the manufacturers would then earn money through an OS update that unlocks the hidden features," explain the researchers. "This site claims to check your phone for such hidden features and unlock them."
Once the device is "analyzed", the user is offered an update module that supposedly does exactly that:
Unfortunately, the offered download link does not lead to the promised update module, but to an app that sends text messages to a premium-rate number based in the country in which the user is located.
It's interesting to note that if the user visits the site through the link in the "Phone Optimizer" app, he will be served with a .apk file - other visitor will be presented with a .jar version of the same file.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.