News  Android
Nasty keyboard

PC malware has special trick for Android users

Malware has been spotted in the wild which targets Android device owners looking to connect and modify their smartphones and tablets. They use searches for phrases like “Windows Android drivers” and everything in between to serve up malware for Windows computers as well as malware for Android devices distributed via fake Google Play stores.

One such Yahoo search result is for the Samsung Galaxy GIO. The fear is that it's very likely the malware creators are targeting more than just one device on more than just one search engine. Nevertheless, visiting the offending URL returned automatically downloads a file called install.exe, detected by GFI as as Trojan.Win32.Generic!BT.

Cross-platform trojan

The Trojan modifies Internet Explorer’s homepage to a sign-up page for a Russian “escort” site. Yet the scam doesn’t stop there. If a user accesses the same site via an Android device, they are led to various different malicious sites.

One of them takes the user to Russian sites containing fake search results. All the links on the search pages direct users to one of five fake Google Play stores.

The idea is that they then think they’re on the actual Google Play website, and so it is likely that users may end up downloading malware onto their mobile devices. This wouldn’t be the first time Android users are duped by fake Google Play stores. Either way, there are two kinds of Android Trojan premium SMS apps being distributed on these fake stores, both detected as Trojan.AndroidOS.Generic.A. Like the majority of Android malware, these malicious apps sends expensive international text messages to earn their creators revenue. Some variants even connect to a Command & Control (C&C) server to send and retrieve data, as well as await further instructions.

These fake markets are looking more and more sleek and professional, so extra care is advised. The advice is to only visit and download genuine apps from the real Google Play website by keying in to the address bar of your mobile or PC internet browser. This ensures that you will not be directed to sites that merely look like the actual site. This also ensures that the readily available apps you wish to download are not malicious.

More: The Next Web