ThreatTrack Security: QR Codes Deliver Boxer Malware
A variety of fake game downloads infect users with Trojan.AndroidOS.Generic.A, a Boxer variant designed to send text messages to premium numbers.
ThreatTrack Security Labs researchers recently came across a Web site hosting fake Android apps that leads users to a page where they can purportedly download games. Users who visit a game page will see a description along with a QR code that redirects them to a fake download page.
Notably, the researchers found that the URLs can only be accessed from specific locations in the world -- users outside those locations are simply redirected to Google.
In one example, the researchers visited the page for a fake Angry Birds Space app -- the QR code points to a fake APK, which is downloaded without requesting user permission. Other pages for games ranging from Bloons to Modern Combat 4: Zero Hour also lead to similar APKs.
All the APKs have the same DEX file, which ThreatTrack detects as Trojan.AndroidOS.Generic.A, a Boxer variant. When the malware is executed on a device, it connects to three command and control servers, which send text messages to premium numbers and determine how much the infected user would pay per message.
ThreatTrack urges all Android users to be cautious in visiting any Web page that claims to offer free app downloads.
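The finding that every APK carries the same DEX file suggests a simple triage step for collected samples: hash the classes.dex entry of each APK and group files by that digest, so differently branded downloads that share one payload fall into the same cluster. The sketch below is an added example, not ThreatTrack's tooling; the sample names and byte strings are constructed, and it assumes the shared code sits in the standard classes.dex entry at the root of the APK.

```python
import hashlib
import io
import zipfile
from collections import defaultdict


def dex_digest(apk_bytes):
    """Return the SHA-256 of classes.dex inside an APK, or None if unusable."""
    try:
        with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
            return hashlib.sha256(apk.read("classes.dex")).hexdigest()
    except (zipfile.BadZipFile, KeyError):
        return None  # not a ZIP archive, or no classes.dex entry


def cluster_by_dex(samples):
    """Map each DEX digest to the sorted names of the samples that carry it."""
    clusters = defaultdict(list)
    for name, data in samples.items():
        clusters[dex_digest(data)].append(name)
    return {digest: sorted(names) for digest, names in clusters.items()}


def build_apk(dex, icon):
    """Build a minimal in-memory APK-like ZIP (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", dex)
        z.writestr("res/icon.png", icon)
    return buf.getvalue()


# Constructed samples: two "games" with different resources but one shared DEX,
# one unrelated app, and one file that is not a valid archive.
SHARED_DEX = b"dex\n035\x00constructed-shared-payload"
SAMPLES = {
    "game_a.apk": build_apk(SHARED_DEX, b"icon-a"),
    "game_b.apk": build_apk(SHARED_DEX, b"icon-b"),
    "other.apk": build_apk(b"dex\n035\x00constructed-other", b"icon-c"),
    "broken.apk": b"not a zip",
}

if __name__ == "__main__":
    for digest, names in cluster_by_dex(SAMPLES).items():
        print(digest, names)
```

Hashing the whole APK would miss this relationship, because each package differs in its resources and signature even when the executable code is identical.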