A report explains how publishers on Google Play Books who offer cracked and modded Android APK files as part of fake game guides are exposing users to malware and phishing scams.
In a post published on its website, Android Police notes that it has identified at least a dozen sellers of these fake guides, though it concedes that the actual number is likely much greater than that.
Some of the most prolific sellers include Monster Guides Editor Pro, Johnny Bravo, and Leon Master, most of whom offer games and apps for sale at prices well below their legitimate counterparts.
Android Police goes on to explain that Google is swift to remove fake apps in the Play Store but has developed a “blind spot” with regard to books, an oversight which attackers are leveraging to deliver malware to users.
Each fake guide contains a set of download links and installation instructions. When a user clicks on any of the links, they are connected to Androider, a site that conceals all downloads via a wall of ad redirects. The page then downloads malicious .exe files to a user’s computer and suspicious APK files to their Android device.
Reports suggest that these guides have also targeted victims in phishing scams.
Security researchers with Android Police believe this threat affects everyone, whether or not individual users are purchasing cracked APKs.
“Google can’t let scammers run roughshod over the Play Store,” notes Ryan Whitman, a tech/science writer and Android Police blogger. “Authors and developers rely on the Play Store to make a living, and letting this stuff exist undermines confidence in the ecosystem.”
Whitman goes on to explain that these fake guides, which show up in search results, also threaten users who might not be able to readily distinguish these fake “books” from the real ones.
As he sums up, “Providing a portal for people to get scammed, even if they should know better, is not okay.”