Google has just recently renamed the Android Market to Google Play. Cyber Criminals already taking advantage of this by launching fake google play sites to spread malwares. Trend Micro researchers identified a number of newly created Russian domains that imitate the Google play sites ,which contain malicious apps.
"Download Google Play for Android Google Play is formerly known as the android market but now a vast and influential old android market combined with a store of books google ebookstore multi-format films and world music google music" the fake Google play site reads.
Clicking the image in the site will leads you to another malicious Russian domain that offers suspicious Android apps. Any attempt to download the Google play app, google-play.apk, will download malicious file detected as ANDROIDOS_SMSBOXER.AB.
ANDROIDOS_SMSBOXER.AB is a premium abuser type of mobile malware. Such malware subscribes affected devices to premium services without the permission of the user, thus leading to unwanted charges.
Similar to ANDROIDOS_OPFAKE.SME, this malwares inserts unnecessary files into the APK in order to avoid anti-virus detection. Users are advised to download applications from trusted sources .
