Beware of poisoned apples
Everybody knows the story of the beautiful Snow White. An evil queen with a bad temper gives a young girl a poisoned apple, because she apparently thinks that it would just make her day. Poor Snow White. All she wanted was a bite of this juicy apple. I guess this one particular bite didn’t make her very happy. Anyway, she apparently made some mistakes, that I can tell. For example, if she wanted an apple, she should have just picked one from a “genuine” tree. Or she could have had someone taste the apple first, like a brave knight that’s always there for her, protecting her every second.
Yes, it’s been a while since that famous apple incident happened. Nowadays, a girl wouldn’t just accept an apple from a stranger and take a bite right away. She would at least wash it first! If she’s smart enough, she’s going to have something that tells her more about the apple.
With the magic of fairy dust and special effects, let’s transform this story into the world of mobile security.
The Snow White fairy tale came to life a few days ago, when we found a fake Apple iMessage app for Android. There are lot of apps for Apple iOS that are not released for other platforms. For example, when two people have an iPhone, they can send each other messages for free via Apple’s iMessage service. The Android alternative for that service would probably be Google’s Hangouts app. The problem occurs when you want to send a free text message from iOS to Android. Yes, there’s WhatsApp, Viber, and similar apps, but there’s no way to send an iMessage to Android, nor iMessage from Android. That problem seems to bother some people, so they are eagerly waiting for a solution. The evil queen is aware of the need, so she makes poisoned apples and hands them out for free, telling others that they are sweet, juicy, and absolutely free from poison. Yes, I’m talking about fake apps that are trying to look like official Apple apps for Android.
We found the fake iMessage app on some 3rd party website with Android apps. It was also on Google Play, but Google has since removed it. When you install the app and run it, you are made to think you’re on iOS, because the interface is designed that way. The app seems to be communicating with Apple’s servers, but it's not happening directly. The communication is provided via a 3rd party server, and that’s the catch.
You give your Apple ID to this app and it sends it to that server and then maybe to Apple. Your messages will be handled the same way. So when you think that you and your friend are the only ones in your conversation, you might be wrong. It’s obvious that this app is trying to look like an Apple app, but there is no official Apple disclaimer, so it’s really not official, and you can’t predict what’s going to happen with your Apple ID.
Another app we found is also called iMessage and it’s on Google Play. When you see it’s page, you’ll think this is something connected with Apple, but it’s not. There are screenshots with iPhones and in the description it states, “i.Message it's fully compatible with iPhone 4! Retina Display and Multitasking are supported” which obviously is a lie. This app doesn’t send iMessages, it just shows messages on the screen. This app was probably created just to make money through in-app advertisement, and it clearly takes advantage of people that are looking for a real iMessage app. This particular app won’t do anything bad to your phone, but it’s misleading. Other misleading apps could be more dangerous, so pay attention.
These two apps are just a fraction of the fakes/poisoned apples that are out there. Not a long time ago we also found out that the very same thing is happening with the Blackberry Messenger app. So, if you want to know whether there’s an Android version of your favorite iOS or Blackberry app, check their official website and don’t look at weird 3rd party webpages and markets that are a garden full of poisoned apple trees.
But just like innocent Snow White chose the wrong person to accept an apple from, sometimes you pick the wrong source for Android apps. We know that, and we have the solution for such situations. avast! Mobile Security is here to protect you wherever you decide to go. I guess Snow White would have been happier if she didn’t have to lie in that glass coffin in a deep sleep. All she needed was to have a knight from the land of AVAST by her side.
avast! Mobile Security detects these fake apps as Android:Fapple-A [Trj]
Innovative and infamous bank fraud groups create new security challenges for banks.
Cybercrooks could easily watch people in private and public spaces via webcams, stream the video directly to the internet, or turn the device into a bot.