Security experts are warning football fans to be on their guard after spotting fake Android apps looking to cash in on some major sporting tournaments taking place this summer.
The Copa América Centenario kicks off today, while the much anticipated UEFA European Championship starts in a week’s time.
Unsurprisingly, the scammers have been out in force, flooding the official Google Play Store with phoney titles designed to imitate the popular FIFA app, according to Avast virus analyst, Jan Piskacek.
He spotted four apps in particular filled with adware. Despite being uploaded under different developer names, they all tie back to one person, having the same dex files and manifests, Piskacek explained.
On opening for the first time they all request the user to agree to receive ads from the Airpush advertising network. Doing so will mean details like device ID, IP address, and installed apps could be collected.
Airpush will also monitor geolocation, browser history and email address details thanks to the permissions granted to the app, Avast claimed.
“Additionally, when you click ‘Ok’ to these terms you give your consent for Airpush to associate the Google advertiser ID from your device with other information it collects about your device, including persistent device identifiers and/or personally identifiable information,” explained Piskacek.
“You’re probably thinking ‘Just click ‘Cancel’ to avoid giving away your personal information to Airpush, but more importantly, to avoid the annoying ads!’. I hate to disappoint, but even if you click ‘Cancel’ a Sky entertainment ad appears as soon as you start a game.”
The four apps are of poor quality and saturated with ads which block the user’s view of the game, he continued.
One particular pop-up on one of the gaming apps tries to trick the user into buying another app, by claiming their device is riddled with malware and that they need the new app to clean it up.
Sporting tournaments have long been a lure for black hats and scammers looking to cash in on heightened public interest.
Last month, Kaspersky Lab warned users to remain on their guard after spotting fake lottery win notifications spoofed to come from the Brazilian government and the International Olympic Committee (IOC).
To claim their ‘prize’ users are urged to fill in their personal details – a classic phishing tactic.
Researchers also warned of an uptick in fake ticketing sites ahead of the Olympic Games this summer.