As expected, shady developers are now taking advantage of Candy Crush, one of the hottest gaming apps in both social networks and Android.
Recently, Candy Crush grabbed the top spot from FarmVille 2 as the most popular gaming app on Facebook. This boost in popularity, however, has its perils. In particular, Candy Crush’s popularity made it the perfect target for dubious developers and cybercriminals who want to lure and profit from fans of the game – similar to what happened with other popular mobile apps and games like Instagram, Bad Piggies, and Temple Run in the past.
In a development that surprised no one, we discovered fake Candy Crush apps online, proving that cybercriminals are indeed hoping to capitalize on the game’s current trending status. These apps contain code for the Leadbolt and Airpush ad networks; apps containing said code were some of the most prevalent found last year. (We detect these as ANDROIDOS_LEADBLT.HRY and ANDROIDOS_AIRPUSH.HRXV.)
Figure 1. Screenshot and notification of fake app
While not inherently malicious, adware can be abused by cybercriminals for their own gains. Adware not only uses aggressive advertising tactics such as persistent notifications, but also collects information about the user. This could be construed as a violation of the user’s privacy.
We’ve predicted that malicious and high-risk Android apps will hit 1 million sometime this year. This may sound like a huge number, but considering the number of Android malware for 2012 exceeded our expectations and the continuous popularity of the platform, it’s very plausible. Our own researcher, Rik Ferguson, noted in his blog post that 293,091 apps were found to be malicious and of these, 68,740 were found on the official Google Play store. Around 22% of these malicious apps were found to leak information about the user.
These figures can be daunting, but you can start small steps to protect yourself. For one, you make it a habit to read the app page e.g. app description, developer’s page, and comments. Comments can be a goldmine of information, since you’ll know what other users are saying about their experience with the app. Once you install any apps, make sure that you check out the permissions that they are asking for. For better protection, you can install security apps designed for devices, like Trend Micro Mobile Security Personal Edition, which can detect and delete malicious or high-risk Android apps.
- Fake Versions of Temple Run 2 Sprint Their Way to Users
- More Adware and PLANKTON Variants Seen in App Stores
- Cybercriminals Capitalize on Plants vs. Zombies 2 Hype
- 164 Unique Android Adware Still Online
- Malware Masquerades as Flash Player for Android
Incoming search terms
- candy crush virus
- candy crush malware
- candy crush viruses
- is candy crush a virus
- Malware in candy crush
- candy crush apps used for spyware
- is candy crush rewards a virus
- is candy crush got a virus
- is there a candy crush virus
- kandy crush is a virus
- malware candy
- twitter candy crush virus
- virus after candy crush
- virus associated with candy crush
- virus in candy crush