Fake Samsung Firmware Update Installed 10 Million Times By Scammed Android Users Rips People Off
One of the smartest things that Samsung smartphones users can do is to keep their devices updated with the latest firmware from Samsung. Consistent updates allows them to have the latest security updates to help protect their device and personal data. A new report claims that 10 million Samsung smartphone users have downloaded an app from Google Play that is called "Updates for Samsung."
The users apparently thought that the app was an official app from Samsung, but what the app does is redirect users to a website filled with ads where they are charged for firmware updates. Samsung offers firmware updates for its smartphones at no cost. As of this writing, the "Updates for Samsung" app was still available for download (Do NOT download this. It's scamware) from Google Play.
The app was discovered by a malware analyst from CSIS Security Group called Aleksejs Kuprins. Having an app such as this that fools users is a big problem as it leads people to think there is a cost for firmware updates and many decide they don't want to pay for the update and stop updating their smartphone.
Often people assume apps on Google Play are safe to download and don't think of them as potentially nefarious. This is certainly not the case as Google Play continues to be packed with malware-laden apps that weaken security, risk personal data, and can render devices virtually useless due to ads. A recent study found that Google Play hosted thousands of malware-laden and counterfeit Android apps. Posing as an official app is one way that nefarious developers try and trick Android users.
Kuprins says that the "Updates for Samsung" app does allow the user to search for firmware updates specific to their device. However, the analyst says that the app was "stuffed with advertisement frameworks" and the distribution of Samsung firmware updates is part of a paid subscription plan. The app charged $34.99 annually to access Samsung's free device updates and asks the user to enter their credit card information on a website rather than via Google Play subscriptions.