French hacker steals over $600,000 using fake Android apps
Only 20 years old and operating in his parents basement, the French hacker stole over $600,000 from over 17,000 users since 2011. His method of choice was mimicking popular paid Android apps, but he advertised his as free. Once the users installed the seemingly free version, the devices would then send text messages to premium-rate number he previously setup. The fake apps setup also had the ability to send home passwords to social networking and gambling passwords, ouch!
Authorities report the kid is fairly smart, and had no former training in the field. The kid reported said all he wanted to be is a software developer. Well then, he sure does have the smarts, still missing are the ethics.
People, please be mindful of what you download on Android Play Store, it is still the Wild Wild West!
Related Posts
About The Author
What make you think these apps were on the Play Store? I see nothing in the article that says that? This is the kind of crap people DL from forum links.
If you check “Unknown sources” and then install apps from Warez forums, you’re on your own.
Not an Android user so please help to enlighten me, so I can possible help my friends who are Android users.
-Any Android user can download apps outside the Play Store (meaning no root required)?
-It is solely up to an individual to use their discretion when installing an app from outside Play Store (assuming the above is true)?
-Are there any warnings in Play Store alerting users of the hazards they may encounter if they wander?
Serious questions.
Yes there is a setting to allow installs from unkown sources. You have to enable it in order to get the amazon app store. You don’t have to be rooted. If you download an APK and install it you should know the risks. Its similar to how we side loaded apps on our old windows 6 phones. Download an APK file, browse to it, click to install. The user very much knows if they get an application from the play store or not.
“Download an APK file, browse to it, click to install.”
and “Accept permissions”. An app will show what services it can request access to. If they are questionable for what the app does, don’t allow it.
Android allows the user to have much greater power over what’s on their phone than most any other phone OS, but as the saying goes ” With great power, comes great responsibility”
If you answer emails from Nigeria, Android may not be for you.
Jim:
Not any user, the user has to have a phone that hasn’t had the option in the phone’s settings to allow the installation of apps that are not on the market. It’s an opt-in setting, so a user would have to hunt it down, disable the blocking (if they had a phone that lets you do that), disregard the warning that it’s dangerous, then hunt down these APK files (like cabs) on often-shady websites. So it takes a savvy user and one who opted to do it after having been warned with informed consent that it’s dangerous.
So, 1) no, not any Android user, only savvy risk-taking users who bought a phone that isn’t locked down. 2) Yes, but they are warned very clearly about the (elevated) danger. 3) The warnings are found in the system settings when you attempt to unlock a phone to let you install applications you found outside of the store, and you are warned of the permissions any given application, including those on the store, require before you install them (IE it will use the Internet connection and it reserves access to your contacts, like Skype).
Also Jim, Google has the ability which they excercise when needed, to perform a “remote kill” of an application that they deemed to be a serious threat, to not only remove it but push in something to clean up any mess it may have made. But I don’t know if they can use it to zap unknown source apps in addition to those on their app store.
http://arstechnica.com/gadgets/2011/03/google-using-remote-kill-switch-to-swat-android-malware-apps/