Emil was a reporter for The Next Web between 2012 and 2014. Over the years, he has covered the tech industry for multiple publications, including Ars Technica, Neowin, TechSpot, ZDNet, and CNET. Stay in touch via Facebook, Twitter, and Google+.
Cybercriminals have started targeting Android device owners looking to connect and modify their smartphones and tablets. They are using searches for phrases like “Windows Android drivers” and everything in between to serve up malware for Windows computers as well as malware for Android devices distributed via fake Google Play stores.
One such Yahoo search result is for the Samsung Galaxy GIO S5660, but naturally it is very likely cybercriminals are targeting more than just one device and on more than just one search engine. Nevertheless, visiting the Russian URL in question automatically downloads a file called install.exe, detected by GFI as Trojan.Win32.Generic!BT.
The Trojan modifies Internet Explorer’s homepage to a sign-up page for a Russian “escort” site. Yet the scam doesn’t stop there. If a user accesses the same site via an Android device, he or she is led to various different malicious sites.
One of them takes the user to Russian sites containing fake search results. All the links on the search pages direct users to one of five fake Google Play stores:
GFI says: “Thinking that they’re on the actual Google Play website, it is highly likely that users may end up downloading malware onto their mobile devices.” We don’t think it’s “highly likely,” especially given that the searcher set out looking for USB drivers, but it wouldn’t be the first time Android users are duped by fake Google Play stores.
Either way, there are two kinds of Android Trojan premium SMS apps being distributed on these fake stores, both detected as Trojan.AndroidOS.Generic.A. Like the majority of Android malware, these malicious apps send expensive international text messages to earn their creators revenue. Some variants even connect to a Command & Control (C&C) server to send and retrieve data, as well as await further instructions.
GFI offers the following advice:
These fake markets are looking more and more sleek and professional, so extra care is advised. Only visit and download genuine apps from the real Google Play website by keying in play.google.com to the address bar of your mobile or PC internet browser. This ensures that you will not be directed to sites that merely look like the actual site. This also ensures that the readily available apps you wish to download are not malicious.
Yet GFI has forgotten about the other side of the story. Windows users looking for Android USB drivers should heed the same advice: only navigate to official sources to download tools for your phone. These include the site for your phone’s manufacturer as well as your carrier’s site.
Image credit: Carl Silver