While doing a routine "patrol" of popular Android app markets, McAfee researchers have discovered a whole host of bogus apps - hacking tools, utility tools, pornographic apps - that only pretend to do what they say they do, and in the meantime push unwanted ads and apps onto users:
"Once installed by the victim, the apps appear to work at first but in fact they simply display screens with interactions that are all fake, using hard-coded or random values generated by the code to seem legitimate. In short, these apps are fake or joke applications," explains Yukihiro Okutomi.
The ad modules bundled up with them keep bombarding the user with ads even when the app is not in use. Some of them can scan the device and see what apps are already installed (so they can offer others), and one even tries to download a bogus AV app called Armor for Android.
These apps are offered by various registered developers that every now and then get the boot from Google Play, but immediately open new accounts with a different name and continue to peddle the apps under changed names but often similar claims about their capabilities (usually those that legitimate apps are unable to offer - Facebook hacking, WiFi hacking, etc.).
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.