Now Google Play *Books* are helping Android malware and phishing scams to spread

Google BooksWe all know that Google has had something of a blotted copy book when it comes to keeping its official Android app store, Google Play, free of malicious apps - but who would have imagined that scammers and online criminals would also exploit digital books to spread their attacks?

As Android Police reports, dozens of sellers are selling "guides" in the Google Play Books store offering cracked APKs for just a dollar or two.

But, if you make the mistake of buying at a bargain price, it's possible that you won't end up with a pirated Android game, but instead with a smartphone infected with malware.

Hacked APKs are a thing that exists, but how do you deliver them via a book? Each "book" is only a few pages long and contains download links and installation instructions.

Bogus games guide

Journalist Ryan Whitwam decided to find out precisely what was going on, and downloaded a guide for the game Limbo.

Instructions

The electronic book was hardly the meatiest tome, including links to a site called Androider - heavily monetised by advertising redirects, and "pages that download suspicious EXE files on your computer and unrelated APKs on your phone."

In addition, according to Whitwam, there are some "really gross" phishing scams in there too.

What's clear is that once again Google has failed to properly police and vet content that appears in its Play Store. The only difference this time is that its not malware in the Android app store, but links pointing to malware amongst its popular gaming guidebooks.

Learn more in this report from Android Police, and keep your wits about you.

Tags: , , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , , ,

One Response

  1. J Corbett

    March 5, 2015 at 11:11 am #

    Here's an article suggestion: Is there a way to know for sure that a no-name Android tablet you buy from a major retailer isn't pre-loaded with a trojan that sends everything you type in back to the manufacturer?

Leave a Reply