by Armando Orozco
We’ve been tracking rogue premium-sms Android apps for sometime now. Here’s an interesting site we came across offering a download of the Google Music application, but this one comes with a cost. This site serves up a premium-sms Trojan of the ransom variety. Targeting Russian speakers these Rogue’s, we call Android.FakeInst, offer to give access to the app but for a fee.
People who install this rogue will be charged a fee of 3 premium rate test messages. There is some randomization that takes place with the app. The overall code doesn’t change, but md5 checksum changes with each download and every couple of days the package name will change.
These malicious sites must be very successful and profitable, they continue to pop-up everywhere. A few weeks ago members of the crew who distributed the Foncy SMS Trojan were arrested in France, they and profited around $150,000, not too bad. Remember when downloading Android apps choose them wisely and download from a trusted source. Check reviews, research the developer and verify permissions requested before downloading.