Fake Play Store Apps Milk Info and Money From Victims

Security experts are warning users to be on the lookout for apps promising to increase social media followers, after discovering eight such titles that in reality were designed to steal personal info and force the user into paying premium rate subscriptions.

Eset malware researcher Lukas Stefanko explained in a blog post that the fake apps, since removed from the Play store by Google, had gathered between 250,000 and one million downloads.

“These eight fake applications mainly promised more followers, friends or views on social networking apps, but their true purpose is quite different – namely to lure the users into paying perpetual subscriptions, sharing their personal information, consenting to receiving marketing messages or the display of ads,” he warned.

Users are first asked to enter their mobile device model, username and the number of followers they want to gain, before completing “human verification.”

“However, this ‘verification’ was only a cover-up used to draw the victim into an endless set of offerings of gifts, coupons and free services, as well as to request their personal information including name, email, address, telephone, date of birth, and gender,” Stefanko continued.

“Users were also asked to consent to receiving telesales calls and text messages, some of which were premium-rated SMS subscriptions costing approximately €4.8 per week.”

The idea, he explained, is to funnel victims into an “endless spiral” designed to “milk as much information and money” from them as possible.

Eset recommended that users always check an app’s ratings and reviews before downloading, stick to the official app stores, be cautious about entering personal information, and install mobile security software on their devices.

The news comes as the same security vendor warned users about fake Pokemon Go apps which have already duped tens of thousands of victims.

One of these apparently locks the screen as soon as it’s installed, forcing the user to restart the device. After rebooting, it runs in the background and covertly clicks on porn ads online, Eset claimed.
