It Saves Your Battery, But Its Social Engineering Steals Your Data



Google Play is a walled garden, but the serpents do find their way in. RiskIQ has found one snake with a tempting offer on its forked tongue: an app that "saves the battery" in your mobile device.

It begins with a vaguely plausible pop-up: "Samsung clean-up might be required! Your Samsung SM-G925A might be slowed down and your battery may discharges quickly. Please clean your Samsung memory to solve this problem and increase phone speed. Install recommended app for FREE to clean your Samsung immediately!"

Connoisseurs of social engineering will recognize the weak grammar in the second sentence of the come-on. They will also recognize the immediacy of the invitation. Calling the app "recommended" is a nice touch, and "FREE" can be hard to resist.

If you do click "Install," you'll be taken to Google Play, and there you'll find the app as advertised. If you look at the permissions it requests, you'll say "no." Those permissions include the following, and there are many others:

  • "Read sensitive log data"
  • "Receive text messages (SMS)"
  • "Receive data from Internet"
  • "Pair with Bluetooth devices"
  • "Full network access"
  • "Modify system settings"

All of these should put the user on guard. The app also installs an ad-clicker backdoor that harvests additional information. It's interesting to note that in addition to all of this badness, the app actually does do the things it promised up front. It reduces battery strain, it kills battery-use-intensive processes when charge is low, and it monitors battery status. None of this, of course, is worth it.
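The permission review described above can be automated when vetting apps for managed devices. The following is an added example, not code from RiskIQ or from the original post: it reads a manifest already decoded to text XML and reports every declared permission beyond what a battery utility needs. The label-to-permission mapping, the baseline set, and the sample manifest with its package name are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Play store labels quoted in the article, keyed by Android permission name.
# The mapping is added here; the article lists only the labels.
ARTICLE_LABELS = {
    "android.permission.READ_LOGS": "Read sensitive log data",
    "android.permission.RECEIVE_SMS": "Receive text messages (SMS)",
    "com.google.android.c2dm.permission.RECEIVE": "Receive data from Internet",
    "android.permission.BLUETOOTH": "Pair with Bluetooth devices",
    "android.permission.INTERNET": "Full network access",
    "android.permission.WRITE_SETTINGS": "Modify system settings",
}

# Assumption: what a battery utility needs for its advertised job.
BATTERY_BASELINE = {
    "android.permission.BATTERY_STATS",
    "android.permission.KILL_BACKGROUND_PROCESSES",
}

# Constructed sample manifest (hypothetical package name).
SAMPLE_MANIFEST = (
    '<manifest xmlns:android="http://schemas.android.com/apk/res/android"\n'
    '          package="com.example.batterysaver">\n'
    + "".join(f'  <uses-permission android:name="{p}"/>\n' for p in
              [*ARTICLE_LABELS, *BATTERY_BASELINE, "android.permission.WAKE_LOCK"])
    + "</manifest>"
)

def declared_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    return {el.get(ANDROID_NS + "name") for t in tags for el in root.iter(t)} - {None}

def review(manifest_xml, baseline=BATTERY_BASELINE):
    """Split permissions beyond the baseline into article-listed and other."""
    excess = declared_permissions(manifest_xml) - baseline
    listed = sorted(excess & set(ARTICLE_LABELS))
    return {"listed": [(p, ARTICLE_LABELS[p]) for p in listed],
            "other": sorted(excess - set(ARTICLE_LABELS))}

if __name__ == "__main__":
    result = review(SAMPLE_MANIFEST)
    for name, label in result["listed"]:
        print(f"REVIEW  {label}  ({name})")
    for name in result["other"]:
        print(f"EXCESS  {name}")
```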

There are several lessons here that any organization might want to share with its employees. First, don't assume that all the apps in the Play store are legit. Google Play is working hard to clean out the snakes, but they still find their way in. The developer transparency of the Play store can help you recognize repeat offenders.

Second, look for linguistic clues that you're being scammed. Many criminal organizations are international, and they often stumble over the harder parts of their language. See the second sentence of the pop-up for an example: "your battery may discharges quickly."

Third, beware of attempts to rush you. "Immediately" and "now" should put you on your guard. And finally, read the permissions an app wants before you install it.

All of these lessons can be reinforced with new-school security awareness training. See RiskIQ's blog for the story of this particular social engineering scam:

https://www.riskiq.com/blog/interesting-crawls/battery-saving-mobile-scam-app/



