Fake Reviews Trick Google Play Users

by gsmarena_001

Here at Webroot, we are constantly on the lookout for malevolent Android apps. In most cases, you do something malicious with your app and you get marked accordingly, but it’s not always that simple.

Two weeks ago an app called “Virus Shield” popped up on the Google Play store. Within days, Virus Shield became Google Play’s #1 paid app. With thousands of reviews and a 4.7 star rating, who would question it? Well, a few people did, the code was looked at, and Google pulled it from the store. They have even gone as far as to make amends with those scammed in the process.

Here’s the app description previously seen on Virus Shield’s Google Play page:

Virus Shield is an Antivirus that protects you and your personal information from harmful viruses, malware, and spyware.

Improve the speed of your phone with just one click. This app was designed so that anyone can use and protect their phone.

  • Prevents harmful apps from being installed on your device.
  • Scans apps, settings, files, and media in real time
  • Protects your personal information
  • Strong antivirus signature detection
  • Very low impact on battery life
  • Runs in the background
  • No, ZERO pesky advertisements

Too bad it doesn’t actually do any of these things. So what about the malicious things it does instead? Well, it doesn’t do anything malicious either. In fact, it has hardly any code at all.

Let’s take a step back to those reviews. How did an app get such a large number of good reviews in such a short period? I think that’s where the real deception was happening.

Here are some stipulations for writing reviews on Google Play:

  • You must install an app to be able to review it.
  • Reviews are tied to your Google Account.
  • You can only review any app once per account.

I’m not clear on the exact process, but it seems the author created automation to use fake accounts to install the app, write a review, and then repeat the process continually in order to inflate review ratings and download counts.
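Seen from the store or marketplace side, the three stipulations above give a defender something to measure: every review maps to one account, accounts have an age, and organic reviews do not arrive in a burst. The Python below is an added example, not code from the original post or from Webroot; its `Review` fields, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Union


@dataclass
class Review:
    account: str            # reviewing Google Account (one review per account per app)
    rating: int             # 1..5 stars
    posted_at: datetime
    account_created: datetime

def review_indicators(reviews: List[Review], window: timedelta = timedelta(hours=1),
                      new_account_days: int = 7) -> Dict[str, Union[int, float]]:
    """Signals that separate organic reviews from an automated burst."""
    n = len(reviews)
    times = sorted(r.posted_at for r in reviews)
    peak, start = 0, 0
    for end, t in enumerate(times):  # sliding window: most reviews landing in one window
        while times[start] <= t - window:
            start += 1
        peak = max(peak, end - start + 1)
    return {
        # the store allows one review per account, so repeats mean inconsistent data
        "repeat_accounts": sum(1 for c in Counter(r.account for r in reviews).values() if c > 1),
        # share of reviews posted by accounts younger than new_account_days
        "new_account_share": sum(1 for r in reviews
                                 if r.posted_at - r.account_created < timedelta(days=new_account_days)) / n,
        "five_star_share": sum(1 for r in reviews if r.rating == 5) / n,
        "peak_per_window": peak,
    }

def looks_stuffed(reviews: List[Review], burst_threshold: int = 100) -> bool:
    """Flag when fresh accounts dominate, ratings are near-uniform and arrivals are bursty.
    Thresholds are illustrative assumptions, not Google Play's rules."""
    ind = review_indicators(reviews)
    return (ind["new_account_share"] > 0.8 and ind["five_star_share"] > 0.9
            and ind["peak_per_window"] >= burst_threshold)

def constructed_reviews(burst: bool) -> List[Review]:
    """Constructed sample data, not real Google Play records."""
    t0 = datetime(2014, 4, 1, 12, 0)
    if burst:  # 300 five-star reviews from day-old accounts, 24 s apart (about two hours)
        return [Review(f"bot{i}", 5, t0 + timedelta(seconds=24 * i), t0 - timedelta(days=1))
                for i in range(300)]
    # 40 reviews over a month from accounts that are years old, ratings cycling 3/4/5
    return [Review(f"user{i}", 3 + i % 3, t0 + timedelta(hours=18 * i), t0 - timedelta(days=900))
            for i in range(40)]
```

Real stores have far richer signals (device identifiers, purchase records, IP reputation); the point here is that the same rules that make reviews hard to fake for one person leave a measurable footprint when they are faked at scale.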

Suddenly, a no-name app has become Google Play’s top paid app. Other users now see it at the top of the charts, install it for themselves for $3.99, and the author makes a profit.

Although the app itself didn’t have malicious code, there was definitely malicious intent. For this reason, we’ve marked this app as Android.FakeApp in case it ends up on any other Android marketplaces.


About the Author

Name: Nathan Collier


Nathan was a Senior Threat Research Analyst for Webroot, having been with the company since October 2009. He started his career working on PC malware, but now spends most of his time in the mobile landscape researching malware on Android devices. Because of his early adoption of mobile security, Nathan has seen the exponential growth of mobile malware and is highly experienced in protecting Webroot customers from mobile threats. He also enjoys frequently traveling with his flight attendant wife, Megan, and is a competitive endurance mountain bike racer in Colorado.


1 comment
RedboxMobile

It's one thing to allegedly create an automated process that downloads and posts reviews, it's altogether another, and far more complex but especially expensive activity, to "purchase" the app at $3.99 to be in a position to review the app.