Google Play, formerly known as Android Market, has been in the spotlight of late due to a number of apps researchers within the security industry have been finding and reporting. No longer does Play house just Android apps and games. It now has e-books, movies, and music files that users can downloaded to their devices.
But it seems that the threat remains within apps and games.
GFI Software threat researchers in the AV Labs spotted 20 applications-mostly from one app submitter-currently up on Google Play that bank on certain interests to target Android users. Below is the complete (linked) list so you know what apps are being discussed. Please note that visiting the below links is perfectly safe – you have to physically choose to install the apps on your mobile device.
- Invite Me, a supposed Pinterest app that allows interested parties to get invites, by AppPal Inc.
- Get Pinterest Invited, another app that claims to do the same as the previous one but in under four hours, by tamnd.androidiconpacks.
- Angry Birds Money, an app that purports to give users $500 worth of gift card or a freebie for “completing the offer”, by geegyboy.
- Pinterest Money, another app created by geegyboy that has the same description as the Angry Birds Money app, by geegyboy.
- Halo 4, an app purporting to be related to the popular game Halo that also banks on giving rewards to users, by geegyboy.
- WWE 12, an app that target wresting fans and promises free tickets, by geegyboy.
- iTunes Gift Cards, an app that promises gift cards, by geegyboy.
- NBA 12, an app that promises a free NBA jersey, by geegyboy.
- Star Wars, an app that targets players of the popular game Star Wars, promising free game cards, by geegyboy.
- iPad Theme, an app that targets iPad owners, promising a new iPad 3, by geegyboy.
- Win Free iPad, an app that allows users to fill in a survey in order to win an iPad, by geegyboy.
- Fast Food Gift Cards, an app promising to give away free restaurant gift cards from major food chains, by geegyboy
- Walmart Offers, an app that targets Walmart shoppers and promising free money or gift item, by geegyboy.
- Xbox Connect, an app that targets Xbox users and promising free money or gift item, by geegyboy.
- Best Buy Gift Card, an app that targets Best Buy shoppers and promising free money or gift item, by geegyboy.
- Asphalt Money, an app that targets users of the game Asphalt and promising free money or gift item, by geegyboy.
- Watch Free Movie, an app that promises free movie tickets, by geegyboy.
- Android to iPad, an app that allows users to fill in a survey in order to win an iPad, by geegyboy.
- Cashbackdeals, an app whose name, I think, says it all. Still by geegyboy.
- Justin Bieber, an app that doesn’t sell the pop star but promises to give away free gift cards or gift pack to his fans, by geegyboy.
All of the “geegyboy” apps do much the same thing – entice the user with a favourite product, then pop surveys on the mobile device. Note that they do mention the surveys on the product description – here’s a typical example:
” Do you Shop Walmart?
You Could able to Receive $1000 For participation.
How is this possible?
Note – This is nothing related Walmart its an affilate page to win gift cards , dowload only if you are intrested.
Complete the offer and you could able to win a $1000 Visa Gift Card or Get an Ipod Free.How Its easy , The sponsors pay to be a part of the program , which allows to give the participants incredible gifts. “
Here’s an example of some of the surveys you’ll see (in this case, from the Walmart Offers and Pinterest Money apps):
While some of the above apps are entirely generic, it’s harder to justify the existence of apps such as the Halo 4 and Star Wars downloads – the (extremely slight) link to the unreleased Halo 4 on the app page seems to be two images (one of which dates back to at least 2009) and the page for the Star Wars app simply shows the same screenshot of ingame action from Star Wars: The Old Republic twice.
Beyond that, there is no indication of what connection this app has to The Old Republic unless the user downloads the app to their phone.
Let’s take a look at the Get Pinterest Invited and Invite Me apps.
Once installed, Invite Me asks for an email address to obtain a Pinterest invite, but stresses that manual processing may “take a little time”. They then go on to say they can speed things up by asking users to complete various advertising offers, such as applying for a Netflix membership, a Capital One credit card or to download certain free games. Offers accomplished are then translated to “points”, so the more offers users complete, the more “points” they gain. The more “points”, the faster they’ll receive the Pinterest invite.
Click to Enlarge
Get Pinterest Invited works along similar lines, asking for an email address and promising an invite “within four hours”. Four hours later, and we’re still waiting.
Pinterest invites? There’s no app for that, unfortunately. In fact, you don’t need one to get it. You simply need to go here and ask for one.
Just last week, our colleagues at Sophos have spotted several apps on Google Play purporting to be games using characters from Nintendo. How can you tell if the app in Google Play you’re downloading is legit or not?
Check the app’s basic details in the Overview tab of it’s page. If it offers freebies in exchange for filling in a survey or giving them your email address (much like the apps listed above), it is highly likely what you have there is a fake app. If an app may seem suspicious to you, try researching more about it or ask someone who you think might help you in finding out what that app really does.
Stay informed and stay safe!
Jovi Umawing and Christopher Boyd (Thanks to Randall and Robert for spotting the apps, and Adam and Dean for additional information and analysis)
Leave a reply