Olympics and Android hit by malware and rogue apps

GFI Software released its report of the most prevalent threat detections encountered last month. In July, GFI threat researchers observed a number of malware attacks targeting mobile users, including fake applications exploiting consumers’ interest in the official app for the 2012 Summer Olympic Games as well as mobile Web browsers such as Firefox and Opera Mini.

“Mobile malware is a relatively new frontier for cybercriminals, but that does not mean that their attacks are any less sophisticated or dangerous,” said Christopher Boyd, senior threat researcher at GFI Software. “Many users are not aware of the fact that cybercriminals have created malware specifically for Android devices and are rushing to download apps before ensuring that they are legitimate.”

Just days ahead of the 2012 Summer Olympics opening ceremonies in London, GFI researchers uncovered Russian websites hosting Trojans posing as the London 2012 Official Mobile Game app. The websites were designed to mimic the official Google Play app market in order to trick users into downloading the application.

GFI also discovered a spam email campaign falsely promising victims a chance to win free airline tickets to the London Olympics in exchange for filling out a survey and supplying personal information.

Users also encountered a phony version of Firefox for Android exploiting the recent release of the official Web browser on Google Play in June. The application is part of the Boxer malware family, which normally tricks users into agreeing to send premium SMS messages before directing them to the official Firefox website. This version of the app goes a step further and installs the application without notice, covertly sends premium SMS messages and directs users to the Google homepage.

GFI researchers believe that this may be a tactic used to convince users that the app was not installed properly, thus returning to the scam website and going through the process multiple times.

Mobile users interested in the Android version of the Opera Web browser were in danger of coming across the OpFake family of Trojans, which often pose as the Opera Mini application. Like victims of the Boxer Trojans, users who fell for this scam had their phones send SMS messages to premium-rate numbers without their knowledge.

The version of OpFake uncovered by GFI also installs the real Opera Mini Web browser in order to trick users into thinking that they have installed the correct application. Victims of this scam would not realise anything was amiss until they receive their monthly phone bill.

Don't miss