A couple of weeks ago Trend Micro spotted a fake version of Skype for offer. Now Microsoft, who own Skype, has published some more details about this malware dressed up as a legitimate app.
How the malware works is like this: once an unsuspecting user installs the app, it sends SMS messages to premium rate numbers without the users’ consent. This costs the user money which goes straight into the malware author's pockets.
The problem for the victim is that the charges for the premium SMS messages will most likely only be seen once the next bill arrives and long after the app has been uninstalled (as the victim realizes that it isn't a legit version of Skype). This creates a big incentive for cybercriminals to continue perpetrating this type of fraud.
But why create a fake Skype app? Simple – popularity. There are millions of Skype users and it is a trusted brand. Also, its popularity seems to be growing. Earlier this year, Skype had 40 million users, all signed in, all at once. Quite a technological feat. Combined with the fact that Skype is a telephony app, which means users might not be suspicious of the fake app's request for SMS permission, this means that less vigilant users can get stung.
Microsoft (and all the team at Android Authority) recommend the following measures:
- Download your apps from only legitimate and trusted sources like Google Play and Amazon's Appstore.
- Install a security app on your Android device (see my recent roundup of the best antivirus apps)
- If you do need to download an .apk file from a website (rather than one of the trusted stores) then scan the app with your PC's antivirus before loading it onto your device. You can even use Microsoft Security Essentials (which if free) to do this.
“Just as you would when taking care of any valuable property, mobile users need to take appropriate security measures and precautions,” wrote a member of Microsoft's Malware Protection Center.