Friday, February 14, 2014

Beware of Fake Google Play icon

Be careful if you find two Google Play app store icons on your Android device. One of the icons is likely to be a malicious application (malware) that deliberately tricks users who do not know the difference.

Ruchna Nigam, security researcher at FortiGuard Labs, Fortinet, as quoted from a press release received by ROL on Thursday (13/2), states that the trap icon appears after users download an application called "Real Basketball" from the official Google Play store. According to data released by Google Play, this application has been installed on 10,000-50,000 devices.

When the user clicks on the fake Google Play icon, the user sees a blank screen. Although nothing is displayed, the application works silently and uses a lot of mobile data.

Fortinet detects this malware as Android/FakePlay.B!tr. The malware, allegedly created by developers from Turkey, has a profit motive (click fraud).

How the Malware Works:

First, the malware registers the device's IP address through the site "http://www.mobilefilmizle.com/ipzaman.php". This site is contacted every time the malicious application is opened, to check that the device is connected to the internet and whether its IP address has changed. The ultimate goal is to determine whether the application can run its malicious functions or not.

Next, the malware connects to a website that provides a list of search terms and keywords. The malware then iterates through the list to carry out its main malicious activities, as follows:

1. Each search term is entered as a search query on google.it

2. Each search results page is opened. The malware looks for links on these pages that have a specific format and clicks them with mouse events generated using JavaScript. In the end, the malware can click many ad links, which lets the attacker profit from Pay Per Click advertising. This technique, called click fraud, has also previously been used by PC malware.

The interesting thing is that the whole functionality of the browser is emulated using JavaScript, which shows the malware's ability to function independently without user interaction. After all the search words have been collected, the application displays the official Facebook app download page, which is a way of assuring end users that the application is legitimate.
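One way to hunt for the traffic pattern described above in web proxy logs, as an added example that is not from the original post or from Fortinet: it flags clients that contact the check-in URL and then issue a burst of google.it searches. The log format, the five-minute window and the threshold of five searches are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Check-in URL comes from the article; the window and threshold are assumptions.
BEACON = ("www.mobilefilmizle.com", "/ipzaman.php")
SEARCH_HOSTS = {"google.it", "www.google.it"}
WINDOW = timedelta(minutes=5)
MIN_SEARCHES = 5

# Constructed sample proxy log: "<ISO timestamp> <client> <method> <url>"
SAMPLE_LOG = "\n".join(
    ["2014-02-13T10:00:00 10.0.0.21 GET http://www.mobilefilmizle.com/ipzaman.php"]
    + [f"2014-02-13T10:00:{s:02d} 10.0.0.21 GET http://www.google.it/search?q=kw{s}"
       for s in range(5, 35, 5)]  # six automated searches right after check-in
    + ["2014-02-13T10:01:00 10.0.0.35 GET http://www.google.it/search?q=meteo",
       "2014-02-13T10:02:00 10.0.0.40 GET http://www.mobilefilmizle.com/ipzaman.php",
       "truncated line"]
)

def find_suspects(log_text):
    """Map client -> search count for check-in followed by a google.it burst."""
    beacons, searches = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        try:
            ts = datetime.fromisoformat(fields[0])
            client, url = fields[1], urlsplit(fields[3])
        except (ValueError, IndexError):
            continue  # skip malformed or truncated lines
        host = (url.hostname or "").lower()
        if (host, url.path) == BEACON:
            beacons[client].append(ts)
        elif host in SEARCH_HOSTS and url.path == "/search":
            searches[client].append(ts)
    suspects = {}
    for client, times in beacons.items():
        for b in times:
            # Count searches inside the window that starts at the check-in.
            n = sum(b <= s <= b + WINDOW for s in searches[client])
            if n >= MIN_SEARCHES:
                suspects[client] = max(n, suspects.get(client, 0))
    return suspects

if __name__ == "__main__":
    print(find_suspects(SAMPLE_LOG))
```

A client that only checks in, or only searches google.it, is not flagged; the correlation of both is what separates this behaviour from ordinary browsing.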
