The apps are being used to send fake ads via text messages.
About 200 Android apps hosted on Google Play are generating fake SMS messages that could pose a major security risk, Symantec is warning.
As detailed in our source story from Computerworld, thefake texts havebeen used so far to display ads that appear directly in a user’s SMSinbox. The tricky part is that the text ads display fake source phonenumbers, making it tough to trace where they actually come from andpotentiallycausing users to click into them without realizing they don’t originatefroma trusted source.
Symantec cautions that the same SMS messages could theoretically beused tolaunch phishing attacks via those Android apps. Such attacks entailtext messages soliciting sensitive personal data from users or enticingthem tosubscribe to various services. Since the messages appear to come fromtrustedsources, many users answer them without realizing their information ispotentially being sent to fraudsters.
Symantec has alerted Google to the problem and says people usingAndroid apps hosted on Google Play should be extra careful clickinginto textsuntil Google fixes the issue in Android.