"Symantec has acquired some data that has allowed us to get an idea of how successful Exprespam may be in scamming Android users into providing personal data," writes Symantec's Joji Hamada. "The data obtained, which is only a portion of the complete data, indicates that the fake market called Android Express’s Play has drawn well over 3,000 visits in a period of a week from January 13 to January 20. Based on several sources, I calculated that the scammers may have stolen between 75,000 and 450,000 pieces of personal information."
"[The] Web sites trick users into downloading apps by mimicking the Google Play market," writes Threatpost's Christopher Brook. "One site even called itself 'Gcogle Play' earlier this month before changing its name to 'Android Express's Play,' according to an older blog entry on the malware. Links to the faux markets have been circulating in spammy Android newsletter emails since the beginning of the month. When users download any of the infected apps, the phone’s information is harvested."
"Victims who install [an] app will receive two fake messages, one stating that the app is initializing and another stating that the app is not compatible with the device," writes CRN's Robert Westervelt. "Once the app is uninstalled, the data is already stolen."