- Jan 24, 2011
- 9,378
An Android app by the name of "Music from VK" (Russian: Музыка из ВК) is prompting users for VK.com credentials, which it sends to the attacker's server, Russian security vendor Dr.Web reports.
The app is available via the official Google Play Store, where it has between 10,000 and 50,000 installs.
The app provides a simple function and allows users to listen to music uploaded on the Russian social network VK (formerly known as vKontakte).
App harvests VK credentials via popup login form
There are many similar apps, but Dr.Web researchers say that Music from VK, detected as the Android.PWS.Vk.3 trojan, will show a popup when it's launched for the first time, asking the user to log into his VK account.
Researchers say the app sends the credentials to a server under the attacker's control.
According to the security firm, the Music from VK app by developer MixHard is the third reinstallment of the Android.PWS.Vk.3 trojan, who also reached the official Google Play store as the "Music for VK" and "Music VK" applications by Dobrandrav.
While the last two are now delisted from the Play Store, the Music from VK app is still available for download.
Read more: Android App Shamelessly Harvests VK.com Credentials
The app is available via the official Google Play Store, where it has between 10,000 and 50,000 installs.
The app provides a simple function and allows users to listen to music uploaded on the Russian social network VK (formerly known as vKontakte).
App harvests VK credentials via popup login form
There are many similar apps, but Dr.Web researchers say that Music from VK, detected as the Android.PWS.Vk.3 trojan, will show a popup when it's launched for the first time, asking the user to log into his VK account.
Researchers say the app sends the credentials to a server under the attacker's control.
According to the security firm, the Music from VK app by developer MixHard is the third reinstallment of the Android.PWS.Vk.3 trojan, who also reached the official Google Play store as the "Music for VK" and "Music VK" applications by Dobrandrav.
While the last two are now delisted from the Play Store, the Music from VK app is still available for download.
Read more: Android App Shamelessly Harvests VK.com Credentials
