After some pretty poor publicity surrounding the security of the Android Market, Google introduced the Bouncer scanning system for a more effective means of securing incoming apps. Of course, that doesn’t account for the ignorance of some Android users, which at least one malware distributor is taking advantage of… and using Facebook as an alternate delivery mechanism. As a method of getting around the Android Market, it’s actually kind of ingenious - in a sneaky sort of way, of course.
First, you get a Facebook friend invite from a sketchy person you’ve never met (odds are it’s a young lady who looks like she’s really cold). If you accept the request, it directs you to its profile, where it presents a link for a file named “allnew.apk”. You download the file and (if you ignore your phone’s warnings about non-Market apps) you install it. At this point the app pulls the now-familiar stealth text move, sending SMS messages to a phoney number and charging your phone bill.
This malware still relies on ignorant users who don’t really understand how Android security works, but it’s a good example of the ever-evolving methods of digital thieves. If you read Android Community regularly, odds are you’re too slick for this action, but less tech-savvy users (and with 300 million, there are certainly a few) this is a real danger. Let your genuine Facebook friends know about the threat ,and report any Facebook users linking directly to sketchy apps as spam.[via SlashGear]