ThreatTrack Security Labs researchers recently came across a Web site hosting fake Android apps that leads users to pages where they can purportedly download games. Users who visit a game page will see a description along with a QR code that redirects them to a fake download page.
Notably, the researchers found that the URLs can only be accessed from specific locations in the world -- users outside those locations are simply redirected to Google.
In one example, the researchers visited the page for a fake Angry Birds Space app -- the QR code points to a fake APK, which is downloaded without requesting user permission. Other pages for games ranging from Bloons to Modern Combat 4: Zero Hour also lead to similar APKs.
All the APKs have the same DEX file, which ThreatTrack detects as Trojan.AndroidOS.Generic.A, a Boxer variant. When the malware is executed on a device, it connects to three command and control servers, which send text messages to premium numbers and determine how much the infected user would pay per message.
ThreatTrack urges all Android users to be cautious in visiting any Web page that claims to offer free app downloads.