Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

‘Updates for Samsung’, the scam app with 10M+ downloads

Experts discovered a malicious app on Google Play, named Updates for Samsung, that was downloaded by over ten million users that poses as firmware updates. Over ten million users have installed a fake Samsung app named “Updates for Samsung” that poses as firmware updates. The malicious app redirects users to a website offering and charging […]

‘Updates for Samsung’, the scam app with 10M+ downloads

Experts discovered a malicious app on Google Play, named Updates for Samsung, that was downloaded by over ten million users that poses as firmware updates.

Over ten million users have installed a fake Samsung app named “Updates for Samsung” that poses as firmware updates. The malicious app redirects users to a website offering and charging for firmware downloads.

Technical details of the attack were shared by Aleksejs Kuprins, malware analyst at the CSIS Group.

The high number of installs for the app shows the great interest of users in getting firmware updates to improve the performance of their devices.

The “Updates for Samsung” app promises to keep devices always up to date.

Accordung to Kuprins, in reality, the bogus app only loads the updato[.]com website in a WebView (Android browser) component.

The site provides both free and paid (legitimate) Samsung firmware updates, operators attempt to monetize their efforts by infesting the pages with ads.

“How did the developer trick 10,000,000+ users into installing it? I am going to put my money on the fact that he or she named the app “Updates for Samsung”.” reads the analysis published by the expert. “It would be wrong to judge people for mistakenly going to the official application store for the firmware updates after buying a new Android device. Vendors frequently bundle their Android OS builds with an intimidating number of software and it can easily get confusing.”

The expert also discovered that the site limits the speed of free downloads to 56 KBps, and some free firmware downloads abort due to timing out.

Operators force crash the downloads in the attempt of pushing the users to get paid subscriptions for the downloads of the firmware. An annual subscription for Samsung firmware update downloads goes for $34.99, the app asks for user credit card info and sends it to an API endpoint under updato[.]com via HTTPS.

The app also claims to offer SIM card unlocking for any network operator, starting at $19.99, also, in this case, bypassing GooglePlay subscription for the payment.

The expert pointed out that the app doesn’t include any malicious code, it could be considered a tool used by crooks for a scam.

“Although not malicious in the traditional meaning of that term “Updates for Samsung” does not seem to offer users much of value besides a lighter wallet and as such highlights the risks of ignoring the fine print.” concludes the expert.

“We recommend users to follow Samsung’s designed procedure for downloading firmware updates. That is, by opening the “Settings” application on your Android device and navigating to the “About phone” -> “Software Update” menu. These updates are guaranteed to come directly from the vendor and are free of charge.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Updates for Samsung, scam)

[adrotate banner=”5″]

[adrotate banner=”13″]