March 22, 2012 By Armando Orozco

Rogue APKs continue to find new homes


We’ve been tracking rogue premium-SMS Android apps for some time now. Here’s an interesting site we came across offering a download of the Google Music application, but this one comes with a cost. This site serves up a premium-SMS Trojan of the ransom variety. Targeting Russian speakers, these rogues, which we call Android.FakeInst, offer access to the app, but for a fee.


People who install this rogue will be charged a fee of 3 premium-rate text messages. There is some randomization that takes place with the app. The overall code doesn’t change, but the MD5 checksum changes with each download, and every couple of days the package name changes.
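Because the whole-file MD5 changes with every download, it is a poor key for recognizing repeat samples. The sketch below is an added example, not Webroot's code or detection logic: it hashes each archive entry separately and reports which ones stay identical between two downloads. The samples are constructed placeholder ZIPs, and it assumes the unchanged code sits byte-for-byte in `classes.dex`, which the post does not state.

```python
import hashlib
import io
import zipfile


def build_sample(manifest: bytes, dex: bytes, filler: bytes) -> bytes:
    """Build a constructed APK-like ZIP in memory (not a real APK)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", manifest)
        zf.writestr("classes.dex", dex)
        zf.writestr("res/raw/filler.bin", filler)
    return buf.getvalue()


def file_md5(apk: bytes) -> str:
    """Whole-file MD5, the value that changes with each download."""
    return hashlib.md5(apk).hexdigest()


def entry_hashes(apk: bytes) -> dict:
    """SHA-256 of every uncompressed entry in the archive."""
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        return {info.filename: hashlib.sha256(zf.read(info)).hexdigest()
                for info in zf.infolist() if not info.is_dir()}


def stable_entries(apk_a: bytes, apk_b: bytes) -> list:
    """Names of entries whose content is identical in both samples."""
    a, b = entry_hashes(apk_a), entry_hashes(apk_b)
    return sorted(name for name in a.keys() & b.keys() if a[name] == b[name])


def same_code(apk_a: bytes, apk_b: bytes, anchor: str = "classes.dex") -> bool:
    """True when the code entry matches even though the file hashes differ."""
    return anchor in stable_entries(apk_a, apk_b)


# Constructed inputs: placeholder bytes, not taken from any real sample.
DEX = b"dex\n035\x00" + b"constructed-code-body" * 8
SAMPLE_A = build_sample(b"package=com.example.one", DEX, b"\x01" * 32)
SAMPLE_B = build_sample(b"package=com.example.two", DEX, b"\x02" * 32)
UNRELATED = build_sample(b"package=com.example.one", b"dex\n035\x00other", b"\x01" * 32)

if __name__ == "__main__":
    print(file_md5(SAMPLE_A), file_md5(SAMPLE_B))  # two different digests
    print(stable_entries(SAMPLE_A, SAMPLE_B))      # entries shared by both
    print(same_code(SAMPLE_A, UNRELATED))          # different code entry
```
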

These malicious sites must be very successful and profitable; they continue to pop up everywhere. A few weeks ago, members of the crew who distributed the Foncy SMS Trojan were arrested in France; they had profited around $150,000, not too bad. Remember, when downloading Android apps, choose them wisely and download from a trusted source. Check reviews, research the developer and verify the permissions requested before downloading.


2 Responses to Rogue APKs continue to find new homes

  1. I have a concern that the apps in the software for Best Buy, HP, Dell, Walmart etc, any company that puts an app in their software, for instance Dell support center or dock, has a down loader invader in it. Double anti spyware found it, as did avast. My laptop is so infected. It came that way. I took 5 computers back, HP, Walmart, Sony, Toshiba, because spyware and invader was found on them. I could be wrong but don’t think so. My laptop is a year old; I have had 3 hard drives, one replacement laptop, and I am getting hard drive errors on this one. Unfortunately my warranty is out.
    I do like Webroot, it is a strong and powerful software.

  2. Pingback: Beware of Fake Adobe Flash Apps « Webroot Threat Blog
