Fake Plants vs. Zombie 2 link found on YouTube
A new wave of zombies is coming, and cybercriminals are in tow. The buzz surrounding the much anticipated Plants vs. Zombies sequel is drawing cybercriminals to take advantage of the hype.
The first wave of threat was detected around July 16, just a week after Plants vs. Zombies 2 was launched in Australia and New Zealand. Trend Micro found a link from a YouTube video page that redirected users to an online survey scam hosted on Blogger. No malware was detected.
By July 22, seven other Plants vs. Zombies 2-related threats spotted in Google Play were disguised either as downloaders or applications capable of pushing malicious ads to unsuspecting users.
TrendLabs fraud analyst Ruby Santos says the existence of these threats is nothing new. Cybercriminals always find a way to capitalize on any popular trends to lure unsuspecting users. In the past, they’ve targeted popular games like Candy Crush, Bad Piggies, and Temple Run.
Santos urges users to consider these tips so they can avoid getting scammed:
1. The usage of popular, up-and-coming sequels to high-profile game apps already available in the iOS App Store but not yet in Google Play
2. The fake apps asking for 5-star ratings and reviews before they could be ‘played’
3. The fake apps are free of charge, in contrast to the legitimate apps which cost money
Santos added that even if Google is creating safety measures on their store, users should not be complacent in downloading apps. The standard rules of safe app downloading still apply: they should only download from verified first-party sources, and avoid sideloading or downloading from suspicious ‘developers’ or unauthorized parties.
