Attackers infect millions of Android phones with fake Samsung app

A suspicious third-party app called “Updates for Samsung” reached more than 10 million download attempts while tricking Android-based Samsung phone users into paying for their firmware updates. According to a report from CSIS Security Group, the original Updates for Samsung app was meant to provide operating system updates for free. But the hackers used the fake application to infect users’ devices with malicious code once it had been downloaded.

Detailing how the app worked, Aleksejs Kuprins, a security researcher at CSIS Security Group, said: “The app is called Updates for Samsung and pledges to deliver any OS update for any Samsung device ever released. It also offers to unlock phones regardless of the network operator and provides Android-related content from the developer’s website, updato[.]com.”

“Besides being stuffed with advertisement frameworks and not being affiliated with Samsung (yet distributing their firmware), the app offers paid subscriptions for the downloads of the said firmware. A user can get an annual subscription for Samsung firmware update downloads for a small fee of $34.99. Interestingly, that doesn’t happen through the official Google Play subscriptions,” he added.

Recently, security researchers revealed an ongoing Android malware campaign dubbed ViceLeaker that has been active since 2016. According to the researchers from Kaspersky, a hacker group has been found targeting Israeli citizens and citizens of other Middle Eastern countries with surveillance malware named Triout.

The malware is designed to steal sensitive information, including call recordings, text messages, photos, videos, and location data, without the user’s knowledge. Apart from its spying features, the malware also has backdoor capabilities, including uploading, downloading and deleting files, recording surrounding audio, taking over the camera, and making calls or sending messages to specific numbers, according to the researchers. The researchers said that the attackers used the Smali injection technique, which allows them to disassemble the code of an original application and add malicious code to it before repackaging.