The Android:FakeInst family of malware seems to be never ending story. Its creators have been trying to trick users into sending premium rate SMS messages for several months now. Just a few days ago, we discovered 25 more apps placed on alternative markets that are all based on very similar concepts as was the one in the story we wrote about before Christmas.
This time malicious Android applications are hosted on several domains:
All these sites were registered a week ago so it looks like they were supposed to serve as a malware hosting for the bad guys from the very beginning. Also if someone tries to access these sites from the browser, the visitor only receives a 404 error message which does not look like a legitimate site. Analyzing the trail the malware creators left for us, we’ve discovered a few sites they have used in order to attract users and all of them target Russian speaking people and look like an alternative markets. In reality, these sites exist for a short period of time and offers only fake downloaders.