Fake Plants vs Zombies and other Android games infiltrate Google Play store, make money for fraudsters

Filed Under: Android, Featured, Google, Malware

Is Google doing a good enough job of policing apps in the official Android app store?

It seems not, judging by the number of bogus apps that continue to be made available for public download from Google Play, exploiting the name and reputation of legitimate games in an attempt to make money for fraudsters.

For instance, take a look at (but I suggest you don't install) the apps made available by an Android app developer called "abbaradon":

Some of the bogus apps in the Google Play store

There are some pretty well known games listed there, including "Plants vs Zombies" and "PES 2012" (Pro Evolution Soccer).

Fake Plants vs Zombies

The real Android version of "Plants vs Zombies", developed by Electronic Arts, costs a few dollars, and has had thousands of reviews.

However, Abbaradon's version is free, and has some fine print tucked away at the end of its description in the Google Play store:

Plants vs. Zombies Free! Please leave only positive feedback. If you have any support questions - please send us email. This is a Amazing puzzle specially for game fans.

Creating an app takes time and money, In order to keep creating great (and free!) apps, we are using a new search service to monetize our apps. With this service we are able to create more great apps for you guys. This option bundles a few search points (icon, bookmark and homepage) for you to use. You can erase these easily and with no effect to our app. Thanks!

The app itself isn't Plants vs Zombies at all. It's a simple jigsaw puzzle-type app, that uses an image from the game.

Fake Plants vs Zombies game - it's really a sliding jigsaw puzzle

And it's not just Abbaradon. SophosLabs has seen scores of similar bogus apps, trying to make money out of unsuspecting users, in the last couple of weeks. Google tries to stamp out the rogue developers, but they simply return with a new name and start uploading their fake apps again.

So, what happens if you run one of these apps?

In the screenshot below you can see what happened when we ran a fake version of PES 2012.

App's privacy policy

The program admits that it is ad-supported, may display adverts in apps and your Android device's notification tray.

Furthermore, they say they will collect information about you - including your email address and phone number - if you click on any of the adverts, and pass it on to third parties.

And all you wanted to do was have a free game of football...

But it doesn't stop there: the app is also going to change your browser's home page, add a bookmark, and add icons to your device's home screen. All of this is designed to earn money for the app developer.

The apps reveal how they are monetized

Sure enough, a couple of search icons have been added to the Android home screen alongside the icons for the games we've downloaded.

New icons added by bogus Android apps

Clicking on the icons leads to search engines, such as Moberium.

Moberium

Various advertising frameworks are being used by the apps, including Apperhand, Clicxap, Airpush and Startapp - presumably earning money for the developer who is bandying around apps on the Google Play store, pretending that they are free versions of popular games.

Google doesn't take kindly to app developers duping users in this way - and so the developers are using different certificates, different names, and ensuring that their packages are heavily obfuscated so they do not look alike.

Although it's easy for a human analyst to determine that the apps are doing similar things, it seems that Google's automated systems are finding it a far harder job to weed out these fake money-making apps from their Android app store.
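The traits described above (shortcut-planting, bookmark and home-page changes, bundled ad SDKs) are visible in an app's manifest before anything is run, which is what an analyst triaging a batch of look-alike uploads would check first. The script below is an added example written for this page, not SophosLabs' detection logic: it parses a decoded AndroidManifest.xml, flags the real Android permissions needed for those behaviours, and matches declared components against ad-network package prefixes. The prefixes (`com.airpush.`, `com.startapp.`, `com.apperhand.`, `com.clicxap.`) are assumptions based on the vendor names in the article, and both sample manifests are constructed for illustration.

```python
"""Triage a decoded AndroidManifest.xml for the adware traits described above.

Added example written for this page; it is not SophosLabs' detection logic.
It flags the permissions an app needs to plant home-screen shortcuts and
rewrite browser bookmarks, and declared components whose class names fall
under ad-network package prefixes.  The prefixes are assumptions based on
the vendor names in the article, not vetted indicators.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names; each maps to the behaviour it enables.
SUSPICIOUS_PERMISSIONS = {
    "com.android.launcher.permission.INSTALL_SHORTCUT": "adds home-screen icons",
    "com.android.browser.permission.WRITE_HISTORY_BOOKMARKS": "changes bookmarks/home page",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "reads browsing history",
    "android.permission.READ_PHONE_STATE": "reads phone number and device IDs",
    "android.permission.GET_ACCOUNTS": "reads account e-mail addresses",
}

# Assumed package prefixes for the ad frameworks the article names (placeholders).
AD_SDK_PREFIXES = {
    "com.airpush.": "Airpush",
    "com.startapp.": "StartApp",
    "com.apperhand.": "Apperhand",
    "com.clicxap.": "Clicxap",
}


def triage_manifest(manifest_xml: str) -> dict:
    """Return the suspicious permissions, ad SDKs, a score and a verdict."""
    root = ET.fromstring(manifest_xml)

    hits = []
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID_NS + "name", "")
        if name in SUSPICIOUS_PERMISSIONS:
            hits.append((name, SUSPICIOUS_PERMISSIONS[name]))

    # Walk activities/services/receivers in document order, note each vendor once.
    sdks = []
    for comp in root.iter():
        if comp.tag not in ("activity", "service", "receiver"):
            continue
        cls = comp.get(ANDROID_NS + "name", "")
        for prefix, vendor in AD_SDK_PREFIXES.items():
            if cls.startswith(prefix) and vendor not in sdks:
                sdks.append(vendor)

    # One point per risky permission, two per bundled ad SDK.
    score = len(hits) + 2 * len(sdks)
    perm_names = {name for name, _ in hits}
    plants_icons = "com.android.launcher.permission.INSTALL_SHORTCUT" in perm_names
    edits_browser = "com.android.browser.permission.WRITE_HISTORY_BOOKMARKS" in perm_names
    if plants_icons and edits_browser and sdks:
        verdict = "likely shortcut/bookmark adware"
    elif score:
        verdict = "review manually"
    else:
        verdict = "no adware indicators"

    return {"package": root.get("package"), "permissions": hits,
            "ad_sdks": sdks, "score": score, "verdict": verdict}


# Constructed manifest modelled on the behaviour the article describes.
FAKE_PUZZLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakepuzzle">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="com.android.launcher.permission.INSTALL_SHORTCUT"/>
  <uses-permission android:name="com.android.browser.permission.WRITE_HISTORY_BOOKMARKS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Plants vs Zombies Free">
    <activity android:name=".PuzzleActivity"/>
    <activity android:name="com.airpush.android.ExampleAdActivity"/>
    <receiver android:name="com.startapp.android.ExampleBootReceiver"/>
  </application>
</manifest>"""

# Constructed manifest for a plain puzzle game with no monetisation components.
CLEAN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.honestpuzzle">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Sliding Puzzle">
    <activity android:name=".PuzzleActivity"/>
  </application>
</manifest>"""


if __name__ == "__main__":
    for manifest in (FAKE_PUZZLE_MANIFEST, CLEAN_MANIFEST):
        result = triage_manifest(manifest)
        print(f"{result['package']}: {result['verdict']} (score {result['score']})")
        for name, why in result["permissions"]:
            print(f"  {name}: {why}")
        for vendor in result["ad_sdks"]:
            print(f"  bundled ad SDK: {vendor}")
```

Because the check works on declared permissions and component names rather than on the obfuscated code itself, it survives the renaming and re-signing the article describes: an app still has to ask for INSTALL_SHORTCUT and WRITE_HISTORY_BOOKMARKS to plant icons and rewrite the home page, whatever certificate it ships under. Manifests can be decoded from an APK with a tool such as apktool before running the script.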

Sophos detects the bogus apps as Andr/NewyearL-B.

Android malware is a growing problem, with rogue apps even making their way into the official Google Play store. Last year, for instance, we talked about how one Naked Security reader downloaded what he thought was an official Android version of the Legend of Zelda game, only to be bombarded by pop-up notifications and adverts.

If you think it's time to protect your Android smartphone or tablet against the increasing number of threats, check out our free Android anti-virus app.

Thanks to SophosLabs researcher Vanja Svajcer for his assistance with this article.


4 Responses to Fake Plants vs Zombies and other Android games infiltrate Google Play store, make money for fraudsters

  1. John · 648 days ago

    It would seem that Google aren't as proficient as Apple in weeding out the rogue apps. "Weeding out". Get it!? Plants versus Zombies ;)

    Keep up the good work Sophos!

  2. Rick · 648 days ago

    Apple requires the submitter buy an Apple computer and pay a fee. Somewhere between this and letting in any application seems appropriate.

  3. Cabarrubias Productions · 643 days ago

    Yep, those fake apps are pointless and useless.

  4. This is the issue I have.

    Google don't appear to be weeding out bad software too well.

    Apple get complaints that it takes too long to get something into the store.

    I prefer the second one.


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.