31 March 2015
Google is fairly thorough about cleaning malware-infected apps out of the Play Store, but scammers are equally tenacious in finding new and exciting ways to rook unsuspecting customers. The latest scheme involves hiding links to cracked, probably infected apps in otherwise safe Google Books, a method that deftly skirts the line between providing a safe product and encouraging consumers to use that product in a dangerous way.
Android fan site Android Police discovered the ongoing security risk, which, to be fair, only targets people who are willing to cheat the system. Here’s how it works: Shady publishers get on Google Books and offer ebooks that contain instructions on how to get cheap or free copies of popular games, or infinite currency for free-to-play games.
These ebooks are only a few pages long, as they contain only download links and installation instructions for cracked games, including pirated versions of indie platformer Limbo and free-to-play city-management simulator The Simpsons: Tapped Out.
Any security-savvy user can guess what happens next. The links within the books lead to a shady site known as Androider that promises to offer cracked APKs (Android installer files), but clicking on any Androider download link leads to a morass of dodgy pop-up ads, browser hijackers, phishing scams and instant downloads. (We tried to explore the Androider site on a PC, but our antivirus software went into overdrive as it blocked numerous malicious ads and self-starting downloads.)
If you do end with a cracked APK through Androider or a similar site, for God’s sake, don’t try to install it. More than likely, it will put harmful software on your phone.
While there is certainly some karmic justice in would-be thieves getting cheated, selling scam-riddled books in the Play Store is probably not a good precedent to set. Concerned users can report these books to Google whenever they find them — or, if they have a moralistic streak, simply leave the malicious apps alone and let nature take its course with the cheaters.
Avoiding the scam is incredibly simple: First, make sure that “Unknown sources” is not checked under Settings > Security. (If so, then all software must come through Google Play.) Then simply buy games legitimately through the Play Store and avoid any book promising you illegal versions of the software.
If you’ve already contracted malware through one of the links offered in the books, a good Android antivirus program should get rid of it (even if it won’t do much to assuage your conscience).
Source – http://www.tomsguide.com/us/scammers-malware-google-books,news-20590.html