Experts discovered a malicious app on Google Play, named Updates for Samsung, that poses as firmware updates and was downloaded by over ten million users.

Over ten million users have installed a fake Samsung app named “Updates for Samsung” that poses as firmware updates. The malicious app redirects users to a website offering and charging for firmware downloads.

Technical details of the attack were shared by Aleksejs Kuprins, malware analyst at the CSIS Group.

The high number of installs for the app shows the great interest of users in getting firmware updates to improve the performance of their devices.

The “Updates for Samsung” app promises to keep devices always up to date.

According to Kuprins, in reality the bogus app only loads the updato[.]com website in a WebView (Android browser) component.

The site provides both free and paid (legitimate) Samsung firmware updates, and the operators attempt to monetize their efforts by infesting the pages with ads.

“How did the developer trick 10,000,000+ users into installing it? I am going to put my money on the fact that he or she named the app “Updates for Samsung”.” reads the analysis published by the expert. “It would be wrong to judge people for mistakenly going to the official application store for the firmware updates after buying a new Android device. Vendors frequently bundle their Android OS builds with an intimidating number of software and it can easily get confusing.”

The expert also discovered that the site limits the speed of free downloads to 56 KBps, and some free firmware downloads abort due to timing out.

The operators force the downloads to crash in an attempt to push users toward paid subscriptions for firmware downloads. An annual subscription for Samsung firmware update downloads goes for $34.99; the app asks for the user's credit card info and sends it to an API endpoint under updato[.]com via HTTPS.

The app also claims to offer SIM card unlocking for any network operator, starting at $19.99, in this case too bypassing Google Play subscriptions for the payment.

The expert pointed out that the app doesn’t include any malicious code; it could be considered a tool used by crooks for a scam.

“Although not malicious in the traditional meaning of that term “Updates for Samsung” does not seem to offer users much of value besides a lighter wallet and as such highlights the risks of ignoring the fine print.” concludes the expert.

“We recommend users to follow Samsung’s designed procedure for downloading firmware updates. That is, by opening the “Settings” application on your Android device and navigating to the “About phone” -> “Software Update” menu. These updates are guaranteed to come directly from the vendor and are free of charge.”

Pierluigi Paganini

(SecurityAffairs – Updates for Samsung, scam)
