Fake Firefox app for Android is malware

Android, Google’s mobile operating system, is a popular OS installed on a staggering number of devices. Most Android users prefer its openness and the ability to customize nearly every feature. This openness does come at a price however and criminals are seemingly able to get malware onto the tablets and phones far more easily than with other mobile OSs. This has been made evident recently.

In late June 2012, the mobile version of Firefox was released on the Google Play store. Some enterprising hackers have taken advantage of this and posted apps on a Russian website that are actually malware.

These apps are a form of the Boxer malware app. Boxer is an app that can be downloaded and installed on Android devices. When downloaded and opened, it will bring up a Rules page – the page that tells you what permissions the app needs to run – and asks you to accept it. This page contains one extra rule in small print: it gives the app permission to send and accept SMSs from paid services.

When the user hits Accept, an SMS will be sent to a number ending in 2855, 3855, 7151, or 8151 and the user is taken to a webpage to download the actual app, with a message saying the app has been activated.

What sets the Firefox version apart from other versions is that it doesn’t ask the user for permission to install or show the rules page. It installs and sends the SMS to the above numbers without the user knowing. The other difference is that this version sends the user to Google’s search page not the download page for the real app.

The interesting thing about Boxer malware is that it has appeared a number of times posing as different popular apps, suggesting there could be a trend developing. We highly recommend that you only download apps from approved sites like Google Play, and always look at the publisher of the app before downloading. If you have any questions regarding the security of your Android device, please contact us.