Last week we reported on a malware called MMarketPay who bought paid apps on Android without notifying the user. This time new malware is making its rounds, and what makes this a dangerous bug is the fact that it pretends to be an application that many users know and love: Skype. Not only does it pretend to be this popular messenger app, but it goes as far as sending SMS messages to specific phone numbers without the user's consent. But that is not all. What's really dirty is that the money you have to pay for these unapproved messages goes straight into the pockets of unauthorized application developers.
Basically it works like this: the app presents itself as the standard Skype app, and once downloaded, it immediately starts sending messages to these premium numbers, which costs the user, and then goes directly to the bug makers. The biggest problem you will probably see is just the cost of messaging when your next bill arrives. Even if the victim notices a fake version of Skype and uninstalls it, many will probably forget that they accidentally downloaded the fake app, which becomes very confusing to track where the extra fees came from.
The fact that malware hides itself as a very popular app that makes it so dangerous. Skype is an established and trusted brand with over 663 million users, and most smartphone users will not think twice before downloading. Since the application can also make phone calls, requesting rogue applications to send SMS also seems logical, making it very dangerous malware.
So please … make sure you are downloading your apps from secure sources, such as the AndroidPIT App Center, before you press the download button. A member of the Microsoft Malware Protection Center said: "Just as you would if you take care of any valuable property, mobile users need to take appropriate precautions and security measures."
Always check and pay close attention before pressing the download button.