Malware, Phishing Scams Masquerade as Cracked APK Files on Google Play Books
TTS
A report explains how Google Play Book publishers that are offering cracked and modded Android APK files as part of fake game guides are exposing users to malware and phishing scams.
In a post published on its website, Android Police notes how it has identified at least a dozen sellers of these fake guides, though it concedes that the actual number is likely much greater than that.
Some of the most prolific sellers include Monster Guides Editor Pro, Johnny Bravo, and Leon Master, most of whom offer games and apps for sale at prices well below their legitimate counterparts.
Android Police goes on to explain that Google is swift to remove fake apps in Play Store but has developed a āblind spotā with regards to books, an oversight which attackers are leveraging to deliver malware to users.
[adsense size='1']
Each fake guide contains a set of download links and installation instructions. When a user clicks on any of the links, they are connected to Androider, a site that conceals all downloads via a wall of ad redirects. The page then downloads malicious .exe files to a userās computer and suspicious APK files to their Android device.
Reports suggest that these guides also have targeted victims in phishing scams.
Security researchers with Android Police believe this threat affects everyone, whether or not individual users are purchasing cracked APKs.
āGoogle canāt let scammers run roughshod over the Play Store,ā notes Ryan Whitman, a tech/science writer and Android Police blogger. āAuthors and developersĀ rely on the Play Store to make a living, and letting this stuff exist undermines confidence in the ecosystem.ā
Whitman goes on to explain that these fake guides, which show up in search results, also threaten users who might not be able to readily distinguish these fake ābooksā from the real ones.
As he sums up, āProviding a portal for people to get scammed, even if they should know better, is not okay.ā
Gloss