Avast Threat Lab found four fake FIFA football apps on the Google Play Store - just in time for the Copa America 2016 soccer tournament.
Copa America Centenario and Euro Cup start this Friday and next Friday respectively, and everyone across the Americas and Europe are in the football/soccer spirit.
I found four soccer/football apps on the Google Play Store, all with the same or similar names, that are pretty bad knock-offs of the popular FIFA app. All four apps have negative reviews claiming the apps do practically nothing but display ads. Clearly, the person or people behind these apps only intention is to make money and not to deliver quality apps.
I dug a little deeper and despite the fact that these four apps were uploaded under different developer names, they seem to be developed by one developer. All four apps have the same dex files and manifests. Each developer name has only uploaded one app and there are no links to any developer homepages.
I decided to test each app to see if the negative reviews regarding the ads were true and unfortunately, they are.
Furthermore, Airpush can receive information via the permissions you granted the app, including
You’re probably thinking “Just click ‘Cancel’ to avoid giving away your personal information to Airpush, but more importantly, to avoid the annoying ads!”. I hate to disappoint, but even if you click “Cancel” a Sky entertainment ad appears as soon as you start a game.
The first app I tested was “Football 2015” and was the app that showed the least number of ads out of the four. The quality of the game is also the worst out of all the apps. The players look like Ikea’s GESTALTA artist figure, making it impossible to figure out which player belongs to which team. Immediately after starting a game, the app showed an ad, but this was the only one I encountered while playing. While playing though, the field became very dark and all I could see was the score, the ball and the controls.
The quality of the game got better in “Soccer 2016”, at least the players looked like actual people and had team jerseys on. What did not improve with this game was the number of ads…
The app opened and greeted me with the first ad. When I tried to get around the ad to start a game, a pop-up appeared telling me the page wanted to open a new play store window. I decided to decline.
After this, I was able to start a game – at least so I thought. Blocking my view of the stadium was, surprise, surprise, an ad!
When I tried getting around this ad, I was asked if I wanted to complete my action using my browser. Then I was brought to page with a Sky Entertainment offer.
Despite all of these frustrating ads, I went back to the app to play. That is when, in my opinion, the most impressive ad appeared. A dark space blocking my view of the game!
The next “Soccer 2016” app started out a lot worse than the first “Soccer 2016” app, in terms of ads (the quality of the games are identical). I clicked on “single player” to start a game and faster than I could take screenshots a bunch of different ads loaded and I ended up on a page promoting Google apps.
At some point while playing I also got a full screen Amazon ad.
Finally, when the game was over, a pop-up appeared telling me the page wanted to open a new play store window. This lead to the “Mobile Strike” app page opening in the Play Store.
The fourth and final app I tested was “Football 2016 – 2025”. When I started a game a pop-up appeared, like in the other apps, that directed me to a Play Store app page. When I re-opened the app to continue playing, some very interesting pop-ups appeared.
The first pop-up claimed that 13 viruses were detected on phone.
The next pop-up went as far as claiming that if I do not resolve this within a few minutes, the virus will damage my SIM card. Then steps on how to install 360 Security appeared with a “Remove virus” call to action button.
After clicking on “Remove virus” another pop-up appeared telling me that I will be directed to the Google Play Store for antivirus installation and asked me to “please launch the antivirus application and remove all viruses”. I clicked “Ok” and another pop-up appeared asking me to confirm that I wanted to navigate from the page and then yet another pop-up appeared asking me to allow the page to open a new Play Store window.
I was a bit surprised when the Play Store window opened. Although the previous pop-up ads told me 13 viruses had been detected on my phone and that I needed to install 360 Security, the app page I was directed to was a cleaner app.
This is a classic social engineering trick. Social engineering is often used to trick people into downloading malware. In this case, affiliates used social engineering to try and convince me that if I did not download the app they were advertising, my phone’s SIM card would suffer. However, they didn’t do the best job since the app they directed me to had nothing to do with viruses that were allegedly detected on my phone. We have contacted 360 Security, as they may not be fond of, nor aware that affiliates are using this method to promote their app. Also, we reported the app to Google.
Someone is clearly trying to make money by showing soccer/football enthusiasts a nearly uncomfortable number of ads. These apps may be smaller in size than the FIFA app, but I can definitely recommend downloading the FIFA app over these apps if you want to enjoy playing a nice game of soccer/football.
These apps are not malicious per se, but the aggressive ads are certainly not pleasant. Avast Mobile Security, therefore, detects these apps as adware.
Avast Threat Intelligence has identified a new advanced persistent threats (APT) campaign targeting government agencies and a government data center in Mongolia.
Our Aposemat Team has been testing the capabilities of IPv6 and how malware could take advantage of it. One of the topics explored was exfiltration of data via the IPv6 protocol, which we discuss in this post.
Popular banking services, including PayPal, Revolut and Venmo, allow users to request money from others with a few easy steps. Although simple, this functionality could increase the likelihood of related spearphishing attacks.