As researchers Yonathan Klijnsma and Aaron Inness explain on the RiskIQ blog, the attack starts with a relatively pedestrian fake warning message that popped up on some Android users’ devices as they browsed the web.
The warning message is customized to the specific device by grabbing the model number and brand of the Android phone that is being used, presumably in an attempt to dupe users into believing that the advice they are reading is legitimate rather than produced by a pop-up.
In the example shared by the researchers, the message is customized for the Samsung SM-G925A.
Samsung cleanup might be required!
Your Samsung SM-G925A might be slowed down and your battery may discharges quickly.
Please clean your Samsung memory to solve this problem and increase phone speed.
Install recommended app for FREE to clean your Samsung immediately!
Underneath the warning, the user is prompted to click either the Install or Cancel button. However, it makes no difference which option you choose as you will be taken to a page in the official Google Play store regardless.
You *could* press the back button in your browser, but you’ll only find yourself on the receiving end of yet more pressure to install the app that the fake warning is recommending.
So what happens if you do go to the Google Play store and install the battery-saving app being touted by the fake warning?
The first thing that should ring alarm bells is that the app demands access to a disturbing array of permissions including:
- Read sensitive log data
- Receive text messages (SMS)
- Receive data from Internet
- Pair with Bluetooth devices
- Full network access
- Modify system settings
I can’t think of any legitimate reason why a genuine battery-saving app would ever need such invasive abilities, which in combination with the app’s other functionality allow it to steal a user’s phone number, location, and details about their device including its IMEI number.
And so it comes as something of a surprise to discover that the Advanced Battery Saver app actually does live up to its advertising – monitoring a device’s battery status, killing unwanted background processes that consume significant resources, and making other attempts to keep batteries running for longer.
And it’s this strange dichotomy – the good and the bad behavior – which leads the researchers to speculate that the battery-saving app was perhaps originally designed to perform its intended advertised function (and to fulfill only that purpose) before being extended by its creators into underhand methods of income generation.
Chief among those is the app’s request for access to a user’s SMS text messages. Once installed, the battery-saving app recruits devices into an ad-clicking scam, with the app “clicking” on advertising links it is sent via SMS to earn more income for the fraudsters behind the scheme.
At the time of writing, the app remains available in the Google Play store and is believed to have been downloaded in the region of 60,000 times.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.