The NQ Mobile Security Center has detected new Android malware masquerading as a Google+ app. The fake app is an SMS worm, and when activated, sends text messages to all of your contacts encouraging them to download the fraudulent app, as well. In addition, the app loads AdMob ads on your phone, resulting in malicious popups that can lead to further app downloads if you aren’t careful.
FraudPlus, otherwise known as a.fraudware.selfmite.a, infected 90 users in 28 countries before it was caught and neutralized. NQ Mobile Security users are protected from any further outbreaks of this virus.
FraudPlus downloads were limited to 3rd party app stores, so folks who exclusively download their apps from Google Play were protected in this case, unless the malware was sent to them by SMS.
Package Name: com.google.gsn.plus
SMS Samples (links now redirect to 404 pages):
- Hey, try it, its very fine. http://x.co/5XBNm
- b. Hi buddy, try this, its amazing u know. http://x.co/5XXHl
Protect Yourself from FraudPlus:
NQ Mobile Security users are already fully protected from FraudPlus and all other malware threats. If you don’t have a powerful mobile security application on your phone, we recommend that you take the following precautions to prevent damage from future threats:
1. Only download applications from trusted and reputable app stores and markets—think Google Play.
2. Always check reviews, ratings and developer information before downloading apps.
3. Never accept app download requests from unknown sources.
4. Closely monitor requested app permissions to be sure the app is accessing no more than what it needs to. That flashlight app requesting your location? Yeah, your gut is correct, that makes no sense so take a pass.
5. Be alert for any unusual behavior exhibited by your mobile phone—it can be a sign of malware. If you find yourself in a situation like this it’s time to run a quick anti-virus check.