No surprise here: cybercriminals are taking advantage of the less informed Android users. The latest trick? Targeting those who search for Windows drivers that would let them connect Android devices to their PCs.
The MO is simple: fraudsters create malware-riddled sites targeting keywords related to certain Android devices. When a user visits the trap site, he or she is served malware.
Users visiting the compromised site from Android are served links to fake Play Stores, filled with fake Android apps that send SMS messages to international premium services. Unsuspecting users who download such apps are hit with huge bills, while the fraudsters walk away with nice payoffs.
If the malware site is visited from Windows, the user's IE homepage is replaced with an escort site.
GFI, the security site that reported the scheme, has issued this advice for users:
Only visit and download genuine apps from the real Google Play website by keying in play.google.com to the address bar of your mobile or PC internet browser. This ensures that you will not be directed to sites that merely look like the actual site. This also ensures that the readily available apps you wish to download are not malicious.
Our advice – stay away from third-party app stores. Browse the Play Store using the official app. Stay away from dodgy apps. Pretty much common sense, don’t you agree?