More Than 10,000,000 Users Downloaded a Fake App to Update Samsung Phones, Before it Got Busted
If you own a Samsung smartphone, chances are you have felt a bit frustrated at some point about the occasionally delayed Android updates for your phone, as is the case with most other Android phones too. And chances are that you have probably gone hunting on the world wide web for some way to manually download the magical updates. If you were unlucky, you would have landed on the doorstep of an app called Updates For Samsung, available for free download on the Google Play Store. The reality is that Samsung has nothing to do with this app. In fact, the app takes you to an advertisement-laden webpage, which then prompts you to make a payment before it will download the promised updates. Everything about this is fake. This revelation comes from the Danish software security firm CSIS Security Group.
In an official communication, CSIS Security Group indicates that as many as 10,000,000 users were tricked into downloading this app from the Google Play Store. A user can search for a specific firmware update for their phone in the “Download Firmware” section in the app. The app itself is full of advertisements and attempts to distribute firmware and software for Samsung phones without being affiliated with the company in any way. “A user can get an annual subscription for Samsung firmware update downloads for a small fee of $34.99. Interestingly, that doesn’t happen through the official Google Play subscriptions. The app simply asks for your credit card info and sends it to an API endpoint under updato[.]com over HTTPS,” says the report.
Incidentally, there is also a free method for getting these updates if you don’t wish to pay, but those ‘free’ downloads from this advertisement-infested app will be restricted to a paltry speed of 56 KBps.
At the moment, it is not known whether the Updates For Samsung app introduced any malware on the phones it was installed on, but it certainly brings with it a massive adware repository nevertheless. The app has been taken down from the Google Play Store. If you have it installed on your Samsung phone, it would be best to uninstall it right away. It is always safe to head to Settings -> About Phone -> Software Update on your Android phone to check if there are any new Android updates waiting to be downloaded officially, rather than relying on shady third-party apps.