Fake Samsung Firmware Update App Tricks More Than 10 Million Android Users

Over ten million users have been duped in installing a fake Samsung app named "Updates for Samsung" that promises firmware updates, but, in reality, redirects users to an ad-filled website and charges for firmware downloads. From a report: "I have contacted the Google Play Store and asked them to consider removing this app," Aleksejs Kuprins, malware analyst at the CSIS Security Group, told ZDNet this week in an interview, after publishing a report on the app's shady behavior earlier today. The app takes advantage of the difficulty in getting firmware and operating system updates for Samsung phones, hence the high number of users who have installed it. "It would be wrong to judge people for mistakenly going to the official application store for the firmware updates after buying a new Android device," the security researcher said. "Vendors frequently bundle their Android OS builds with an intimidating number of software, and it can easily get confusing."

Re:

[tripleevenfall]

This is the draw to me of the Apple platform, not just in mobile devices, but across their line. The products will not only still work, but will still be working well and will be up to date 4, 5, or more years down the road.

Re:

[fluffernutter]

Too restricted for me. Sorry about those rubes who installed this app but to me it's unforgivable that Apple treats people like children, and then uses that wall to extract more money from them. People need to understand their devices and what not to open no matter who their vendor is.

Re:

[kerashi]

Agreed, I can't stand that Apple devices don't "just work" when you download an mp3 file, or attach the phone to a computer via a USB cable. No, I had to install iTunes to manage my mom's iPhone SE. Which is pretty much the worst software available on Windows today, short of a ransomware infestation. I'm still happy with my Android phone (Google Pixel) and have no plans to move off of Android. That said, I also don't plan to ever buy a Samsung phone. Their update practices are so bad they're legendary.

Re:

[tripleevenfall]

As much as we dislike Apple around here, they are the one that seems most committed to protecting their users' privacy.

Re: LOL

[drewsup]

If you have a high end tablet...Sailfish OS

I ignore them.

[Anonymous Coward]

I'm getting those and I thought they were legit. I STILL ignored them.

Samsung is shit. Their software is shit. I can't uninstall it. I can't move it to the SD card and why oh why on a 8Gig phone, am I running out of memory?!
No, I do NOT take videos. NO I do not have a shit load of pictures - although, it does allow me to move those to the SD card. I delete emails. There's no reason for it.

Aside for the calendar, I use it only as a phone.

Now, Google is constantly updating software and it consumes more and

Re:

[MerlTurkin]

Like Starbucks, Apple's stuff is way overpriced. You can have them both. Not me.

The statistics speak for themselves

[xack]

The vast majority of Android users [statcounter.com] are forced to use old versions because manufacturers are too lazy to update. They are handing the whole situation to scammers by not having an easy update process.

Re:

[Carrot007]

> I don't even really like Apple stuff but it is why I have an iPhone.

I though you being here, you might know how to not instyall malware yourself and you know not need a curated store. Ahh it's not 2005 anymore is it?

Apple has been known to host shit too. Just a more stringent process (and for me that is a bad thing...).

I want a protable computer in a phone. Apple is not, it is a locked down piece of shit. Ok Google is not either, but I see no other SERIOUS options out there. I can still sideload. I can

Real security is defense in depth

[SuperKendall]

I though you being here, you might know how to not instyall malware yourself

He does. And I do.

But that doesn't matter if you hit some website that is hosting some zero day.

Nor does it matter if an app use use has source code hacked to embed something malicious.

Nor does it account for a vast array of Android apps that seem perfectly fine mining the hell out of everything you do - down to the system level, which is Google getting all data about everything you do.

Fundamentally the iPhone may have some of tho

Re:

[fluffernutter]

You know what? I don't go aorund opening everything and as such I have never been hacked. It's very simple, you don't have to buy a device that treats you like a child.

I can't sideload code onto my microwave, either.

[Brannon]

Is it treating me like a child? There are a dozen microprocessors in every automobile and the manufacturer makes it very difficult for users to write software to run on them--does that mean they are treating you like a child?

Not everybody wants a full general purpose computer in their pocket, just like people are happy to interact with restricted-function appliances all day long--there's nothing wrong with thinking of a smartphone as a restricted function computing appliance. Most Android users understan

Re:

[fluffernutter]

I'm not looking for a full computing device, I just want a device that plays the media file I have no matter what it is. I want it to be as easy for me to put that file on the device as it would be to buy it. If you think that's "full computing" then Apple really has you by the balls.

Re:

[fluffernutter]

The point is: You had to install VLC, use their stupid 'internal server thing' to transfer your file. I know, I did it to and it sucks.

Re:

[fluffernutter]

Why do all Apple apps have to have their own http servers for getting the files to them? Ask yourself how that is good design. I know Apple has the 'Files' app now, don't care what it does, it still operates in a sandbox. Too little too late.

Re:

[pauljlucas]

The vast majority of Android users are forced to use old versions because manufacturers are too lazy to update.

The problem predates Android. Back when PalmOS was all the rage, I owned two PalmOS-licensed phones (the 6035 and the 7135) manufactured by Kyocera. Users had to get PalmOS updates via Kyocera. We waited a long time. I learned my lesson: don't own a phone whose manufacturer doesn't also own the OS.

Say whatever else you want about Apple, but I'm currently running the latest iOS on my iPhone 6 (th

Re:

[ozmartian]

i'm still using an iPhone 5S from 2013... battery has expectedly degraded but still getting updates... the phone has been jailbroken many times in its past too but still working rock solid today albeit requiring a daily charge...

Re:

[thegarbz]

The vast majority of Android users couldn't really give a crap. OS updates are effectively irrelevant and haven't brought anything new to the table in years.

Re:

[bn-7bc]

Good enugh software support (ie update beon one year after sale) oh android did not do to well there, I winder why you left it out. Dom't get me wrong apples pricing is in the steep side, but personally i have a simple policy, when the software receives no more updates he device is no longer used. Software is never perfect nut at lest regularly updated software does not suffer from a long list of well known and well exploited bugs.

Re:

[drainbramage]

I get tempted, buy how would you determine it isn't a massive mess of malware?

The fake firmware can be easily identified.

[LordHighExecutioner]

If installed on an original Samsung phone, it prevents the explosion of the device.