Fake Malware-Filled Super Mario Run Apps Take Advantage of Android Absence (silicon.co.uk) 34
Mickeycaskill writes: Nintendo's Super Mario Run was downloaded more than 40 million times in the first four days it was available. But an Android version has yet to materialize. An official release is on the way, but cybercriminals are taking advantage of this vacuum by spreading malicious apps masquerading as the real thing. The "Android Marcher trojan" appears as a fake landing page advertising the release of the game, where it can be downloaded onto users' devices. It then targets financial and banking apps and can modify your settings and read your contacts. The popularity of Pokemon GO last year saw similar scams emerge as users waited for the game.
English!!! (Score:1)
Run, Android, Run!!! (Score:1, Insightful)
Re: (Score:3)
...which you have to side-load to get infected. Sorry, I have a hard time getting worked up about idiots who intentionally disable safeties and then proceed to digitally shoot themselves in the foot.
Re: (Score:3)
It's kind of funny that Android users say that the great thing about Android is that you're not stuck with just one manufacturer and one App Store but if you want security updates and not get infected by malware you're stuck with one manufacturer (Google) and one app store. (Google Play).
But on the other hand, Android is based on Linux, why shouldn't you be able to download apps from anywhere and the OS be able to sandbox it?
Re: (Score:1)
It's kind of funny that Android users say that the great thing about Android is that you're not stuck with just one manufacturer and one App Store but if you want security updates and not get infected by malware you're stuck with one manufacturer (Google) and one app store. (Google Play).
But on the other hand, Android is based on Linux, why shouldn't you be able to download apps from anywhere and the OS be able to sandbox it?
I currently can access three different App stores without sideloading or disabling protections. And security updates is a completely different issue that has nothing at all to do with sideloading, since you don't have to root/crack your OS or install custom ROMs to do it like you do with an Apple product.
WRONG! Please try to keep up!
I don't know how many times I have to repeat this: Apple has actually ALLOWED "Side-Loading" on iOS WITHOUT JAILBREAKING since iOS 8.
Here's how you do it [osxdaily.com].
And you don't even have to use XCode (and from Windows and Linux computers). Just use the handy Cydia Impactor [cydiaimpactor.com].
And here's a list of F/OSS iOS Apps on github [github.com] that can be Sideloaded.
And here's an example of a NON F/OSS App [movie-box-app.com] that can be Sideloaded with Impactor.
Comment removed (Score:4, Interesting)
Re: (Score:2)
Never underestimate the ability of a fool to retain his ignorance.
Simple... (Score:3)
This is the default on most devices (except cheap chinese stuff with backdoors)
The only reason it should be on is if you are a developer, or smart enough to use an alternative app store that may not be safe. Others use it to get haked versions of games/apps and whatever herpes comes with that.
Re: (Score:2)
Re: (Score:2)
Sure but these are not malware. These are, I think, legitimate guides.
They are an excuse for bombarding you with ads but it is not forbidden by the Play Store rules and while annoying, they most likely won't do much harm.
By comparison, the apps mentioned in the article are trojans stealing CC numbers, and just by the way they work, they break several rules of the Play Store and probably wouldn't even pass Google's automatic defenses.
Re: (Score:2)
Re: (Score:2)
And negate one of the biggest advantages of Android over iOS.
The problem is Android doesn't allow finer control of that. Because if you want to use Amazon's app store, F-Droid or Hum
Re: (Score:2)
>"There's no way to open it for those trustable app stores and disallow it for other app stores."
Sure there is, it is called self-control! "Regular" people shouldn't be adding third party repos anymore than just downloading random apps from off the web and installing them. And those who do enable outside sources should know the difference between potential malware and not. Although I agree it would be nice to have more options and settings, including ones that would help in this case.
Re: (Score:2)
And when you click on an APK Android helpfully takes you directly to the settings page where you can change that niggling little security feature that's getting in your way.
UAC didn't fix Windows, why should this fix android?
Stupid hidden apps (Score:5, Insightful)
One reason this type of scam works well (though it is not specifically relevant to the Super Mario case since it is not yet released for Android at all) is the horrendous practice to completely hide apps not available in your region / compatible with your device. This makes any similarly named app show up as the "only option", and will easily fool people.
You know what, Google? If I am looking for an app, I rather you show me that it exists but cannot be installed, rather than have me dig through tons of search results in vain.
Re: (Score:3)
The vendor is to blame for this much more than Google. They could have set up a landing page which said not available yet, and even given a release date. That said, I'm not big on blaming the vendor for this type of thing either. People will download and install things without doing any validation and/or testing, and it happens all the time.
Should we have constant PSAs on TV, Radio, Youtube, etc..? Or perhaps consider the wisdom of Bill Engval "You can't fix stupid!"
Re: (Score:2)
Why should the vendor create landing pages in the Play Store? Hell I'm not sure they can. This is definitely the fault of Google's design.
Of course... (Score:4, Funny)
Just sell it (Score:2)
This sounds like an idiot super villain who invents robots, and, instead of selling them for billions, uses them to rob a bank instead.