Fake Fifa apps raise malware concerns ahead of Euro 2016

With Euro 2016 just around the corner, fake Fifa apps, featuring adware have popped up on the Google Play Store, raising concerns about how unsuspecting users may be targeted with malware and/or ransomware.

Avast Software's Jan Piskacek spotted the fake Fifa app, and he noted that all of the four apps that he identified appeared to have been designed by a single developer, despite having been uploaded by different developer names. He also noted that all four apps had similar names and were "pretty bad knock-offs of the popular FIFA app".

Piskacek said: "All four apps have negative reviews claiming the apps do practically nothing but display ads. Clearly, the person or people behind these apps only intention is to make money and not to deliver quality apps."

Upon exploring further, Piskacek noticed that all four fake apps "have the same dex files and manifests" and that none of the apps include links to any developer homepages. In order to determine their validity, Piskacek decided to conduct a hands-on test of the apps himself.

Further testing resulted in Piskacek coming to the conclusion that the negative reviews for the apps were warranted and that the apps hosted adware. He also noted that all the apps requested user agreements to an advertising network called Airpush. Additionally, users are first directed to Airpush's advertising terms and privacy policy when the apps are first launched. If users grant permission, Airpush automatically begins collecting user data, including IP address, device ID and a list of current apps installed within the phone. Furthermore, Airpush can also obtain additional user information via users' browser history, email address and location.

Piskacek also noted that of the four apps he identified, one claimed to have detected 13 viruses on his phone, which if not immediately addressed, would damage his sim card. This, he noted was a common "social engineering trick" used to manipulate people into downloading malware. "In this case, affiliates used social engineering to try and convince me that if I did not download the app they were advertising, my phone's SIM card would suffer. However, they didn't do the best job since the app they directed me to had nothing to do with viruses that were allegedly detected on my phone," he added.