INCA Internet response team detected malicious APK files are spreading from certain fake Google play site. Not only for this case, had we reported various cases including shortened URL service on SNS and famous streaming video-sharing website. With the increasing number of Android user, security threats are growing at the same time. Therefore, users should notice about malicious files for Android users.
2. Spreading cases and symptom of infection
Official address of Google play is https://play.google.com. Language of that site goes with browser's language.
Fake Google play site shows Russian language.
This site shows about 50 famous Android applications for download.
Besides, each app shows installation procedure and tries to be installed with disguising as a normal app.
This site contains several famous Anti-Virus apps.
When user chooses certain area, APK file will be downloading and installed with additional command. All of these apps are malicious APK files and coded same technique including "classes.dex". Only different thing of these files is its icon.
Following phase will be shown on installation.
These malicious files can be detected on our nProtect Mobile for Android.
Not only for this web site, various fake web sites were found.
INCA Internet has detected various Android malicious files on overseas.
Following set of capture images means various abnormal markets are on working.
With the growth of Android users, the number of malicious attackers is also increasing.
There hasn't been actual statistic report or real damage case so far, though; users need to be careful from these security threats. . To use smartphone safely from security threats of these malicious applications, we recommend following tips "Smartphone security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with “nProtect Mobile for Android” for mobile such as malicious file stated above and runs responding system against various security threats.