Trend Micro has discovered a website offering different fake Skype mobile apps for Android.
When users try to download from sites hosting the fake Skype apps, the malicious site leads them to the .JAR file instead of the expected download .APK file for Android apps. Once executed, this malicious app sends SMS messages to specific numbers, incurring unnecessary charges for them. Although these fake Skype apps are marketed specifically to Android users, the malicious .JAR file can be executed on pre-Software Installation Script (SIS) Symbian phones or certain versions of Android which run Java MIDlet too.
Trend Micro defines five simple steps on how you can better secure your Android-based smartphones, and better protect yourself against malicious apps:
1. Use your smartphone’s built-in security features
2. Avoid using free, but unsecured Wi-Fi access
3. Scrutinize every app you download regardless of source
4. Understand the permissions you are allowing before accepting them
5. Consider investing in an effective mobile security app
Source: Trend Micro