Grand Theft Auto is a popular target for shenanigans, and today we’re going to look at an unofficial GTA Vice City game that wants users to install a variant of Boxer which claims to be a Flash update (you can see an example of fake Flash installs here).
Let’s start off by mentioning that the only games Rockstar have released on the official Google Play site are versions of GTA 3 and the original Max Payne. There is no version of Vice City currently available from the publishers, much less a version authored by someone called “Vickie” sitting on a Russian language download site registered to someone in China.
Click to Enlarge
Click to Enlarge
The first review on the site probably should have sounded a few alarm bells:
Click to Enlarge
Downloading and installing the .apk from 1mobile(dot)com/gta-vice-city-507346(dot)html will eventually give the end-user a nice little Vice City icon on their dash:
Click to Enlarge
Now you can ride around town in pastel suits while listening to Flock of Seagulls, right? Right?
Uh…maybe not. The original file doesn’t have permission to install anything of its own accord, so once you’ve installed and are about to relive your best Crockett and Tubbs fantasies a full screen button appears telling you to push it and start the game. After that, another message appears telling you that “Flash Player is required” and gives you a link to a fake Flash player.
Click to Enlarge
Here’s the Permissions that Flash_Player would like you nod at in agreement:
Click to Enlarge
What we have here is Boxer, and anyone installing this will find they have premium rate SMS messages being sent out to look forward to. I think reminiscing about Yan Hammer and rolled up sleeves is the least of your worries by this point.
There’s also a similar file on the download site which claims to be a “Z.O.N.A. racing” game – you’ll end up with the same slice of Boxer action should you install. It’s also worth noting that the GTA Vice City page claims there have been 27,000+ downloads so far, though there’s no way to know how accurate this is. Files asking the user to download a fake Flash Player separately is a pretty nifty trick and one that a lot of phone owners could fall for.
We detect the original apps as: Trojan.AndroidOS.FakeInst
We detect the Boxer variant as: Trojan.AndroidOS.Boxer.d
If you’re curious, the VirusTotal result for the Boxer is currently at 11/42.
Anybody desperate for their fill of Vice City should just go and buy it from Steam; you won’t get much joy from grabbing unofficial versions for your mobile devices, especially when they’re asking you to install fictitious downloads of third party programs such as Flash Player.
Do like the song says, and run so far away. Just don’t get the haircut…
Christopher Boyd (Thanks to Randall for discovering this)
Leave a reply
