Throughout late September, we noticed unofficial BlackBerry® Messenger (BBM) applications being uploaded to the Google Play store and downloaded by millions of users. They were later removed by the Android security team.
The good news is that these fake apps only contained aggressive ad network components, and no critical damage was done to the users who installed them.
BlackBerry and Android™ – what?
RIM, the manufacturer of BlackBerry, is about to release to Google Play an Android application called BlackBerry Messenger (BBM).
What is this story all about?
The official Android application from RIM had not yet been published in Google Play, but some unofficial versions or builds of the application were leaked to the internet.
As you can see from the following blog post released by RIM, this unofficial beta leak caused RIM some problems and a delay in the official international release (http://blogs.blackberry.com/2013/09/bbm-for-android-iphone-launch-update/):
Unscrupulous developers used the delay in the official launch and the surrounding media buzz to upload fake versions of BBM for Android, loaded with intrusive ad components, to make a quick buck.
Here is an example of an unofficial application that could be downloaded from the Google Play store:
These unofficial BlackBerry versions contain advertising network properties, so at least there's no critical damage to the massive number of users who downloaded them. However, it could have been a different story if the authors had added a malicious component instead.
Once installed, these applications force the user to give the app a five-star rating on the Google Play store and recommend it on Google+.
Here's what the icon of this fake application looks like:
And here’s the request to rate the application:
The massive number of recommendations and reviews this application got convinced others to download it.
We found at least nine fake applications that were uploaded to Google Play:
As explained earlier, all of the fake apps received high user reviews and ratings.
Later, users started to suspect that these were not the official applications, as you can see in the screenshot below of the reviews given to one of those applications:
As you can see, not all of the users are sure whether this is legit or fake.
Finally, the Android security team removed the fake applications from the store. Here’s an example:
We could see how one user downloading this application convinced others to download it, and when the timing is right (users are aware that an Android application of BBM is supposed to be released to Google Play soon), this only increases the effect.
This is an interesting vector or campaign, and after its success (the app was downloaded by millions) we can only predict there are going to be other examples in the future.