Security firm CSIS has spotted a fake app on the Google Play Store that was scamming Android users, more specifically Samsung phone users, in the name of firmware and security updates. The app, which has now been removed from the Play Store, would take users to ad-filled pages and charge them for software updates.
The details of the malware app “Updates for Samsung” were shared by Alex, the malware analyst at the CSIS Security Group, on Medium.com. According to the report, the app was installed by over 10 million users.
The fake application claimed to provide users with free as well as paid Samsung firmware updates. However, Samsung doesn’t charge for any kind of firmware updates for its smartphones. All official Samsung updates are free of charge.
The report mentions that the app offered a free download with the speed restricted to 56KBps, at which a download of more than 500MB took around four hours to finish. Also, the download would end up timing out and failing.
It pushed users toward a premium annual subscription worth $34.99 (around Rs 2,500) to download the update at fast speeds. Apart from extorting money, the update reportedly showed ads on the main screen with an option to pay to remove ads. The app also reportedly offered SIM card unlocking for any network operator, starting at $19.99.
The analyst believes that the name of the app, “Updates for Samsung”, is responsible for such a large number of users installing the fake app. Notably, the report says that the app doesn’t include any malicious code and that it could be considered a tool used by crooks to trick people.