If a deal sounds too good to be true, beware. And if it’s a new Android app that promises to give you early access to Amazon’s Black Friday deals, be especially wary.
You know where this is going…
The security firm Zscaler Research first discovered the app, which the company says is designed to steal your personal information. When installed, the app apes the look of the Amazon icon to really sell the con.
Once you open the app, Zscaler says, it will launch a completely different app called com.android.engine. That will then ask you to grant the malware a slew of special permissions, including the ability to see your text messages, call logs, and contact information, as well as to send texts and make calls. It can even view your Web browser’s history.
Fake apps like this one can rack up huge charges on your bill by autodialing pay-by-the-minute phone lines operated by the attackers. (Image: Zscaler.com).
Here’s the kicker: Even if you delete the fake Amazon app, the secondary app will stay hidden on your device until you find and delete it, which can be tricky since it doesn’t have an app icon.
Zscaler doesn’t say what the information the app is collecting could be used for, though apps of this nature can be designed to hold your data for ransom.
The biggest thing to remember about apps like this is that they have to be downloaded from a third-party URL, not the Google Play Store. And to even install the app, you have to allow third-party app installations in the Android Settings menu. So getting this thing on your phone isn’t exactly as easy as downloading your Facebook app.
The real Amazon Underground app, left, has a slightly different file name (Amazon_App.apk), is much larger than the fake one (35 MB vs 130 KB), and isn’t found on a site ending with .cc in the URL.
It’s worth pointing out, however, that Amazon offers its own Underground app that you have to install in much the same way as this phony app. Amazon’s offering, though, provides you with free apps and games and doesn’t steal your information.
It’s obvious that the malicious app’s makers are targeting Amazon users who are familiar with the Amazon Underground app but may not be savvy enough to tell the difference between it and the malware.
Remember, there’s no such thing as a free lunch or early Black Friday deals.
Read more great Yahoo Tech stories:
via: Zscaler Research