When the Summer Olympics roll around, you can count on some intense competition in key events like gymnastics. But for 2012, the action isn’t just on the mat. It seems that distributing and battling malware and phishing efforts disguised as Olympics apps and info are practically an exhibition sport this summer.
An app called “London Olympics Widget” seems harmless enough, but according to Bradley Webroot’s security blog, it actually rifles through your contacts, device info, and text messages.
It’s no longer available via the Google Play store, but it’s still listed on an Australian site aggregating Android apps, where there are plenty of the telltale signs of skeezy code, including this odd Gmail contact address and English grammar that’s not quite right.Other bits of evidence suggest the app isn’t what it appears to be it’s digitally signed from New Delhi, and its own screenshots reveal that, well, it’s a pretty lame-looking widget.
GFI Software also claims to have found Russian servers hosting sites posing as legit app stores to push out the nasty code to unsuspecting Android devices, making the former Soviet republic competitive in both the medal and malware count this year.
Hijacking Olympics fever for fits of digital nastiness didn’t originate with the 2012 Games, but using Android as the major vehicle for such efforts may have. Back in 2008, when the Games were in Beijing, more than a dozen different Trojan horses were spotted attached to e-mails with subject lines like “The Beijing 2008 Torch Relay.”
Those e-mail attacks are back for the London Games as well, and if you’ve been duped in the process of obsessively tracking the medal count, there’s a removal tool now available.
Bradley Associates also has this helpful list of some of the Olympics-related threats seen this summer. It’s a handy reference to check before you click.
You’ve been warned, Olympics fans. Now let’s get back to the Games. But just remember — there’s no place for Trojan horses in water polo.