Kaspersky lab expert Roel Schouwenberg said that he’s discovered most significantly a few pieces of scam-based bloatware geared to taking consumers’ money in exchange for an app that does…roughly nothing.
“Like many others, I took advantage of Amazon.com's sale and ordered a Kindle Fire HD last week,” he explained in the Kaspersky Lab blog. “When I got around to exploring the Amazon App Store, it didn't take long before running into malware. While searching for a particular benchmarking app I was presented with some additional apps. One of them immediately looked suspicious.”
That would be the Internet Accelerator Speed Up app, which claims to optimize the 3G connection on the tablet, but in actuality has no effect whatsoever. “This is basically the core functionality of the app,” said Schouwenberg. “When run, before showing some other messages, it will tell you that your connection has been optimized by 20–45%. That's it.”
The app comes with the AirPush ad framework, which led the researcher at first to be on the lookout for an adware scam. But on closer examination, it became clear that the actual app was very obviously put together quickly just to make a buck.
The developer of the app, noted as Valkov Venelin, also uploaded another fake paid offering, called the Shake Battery Charger. True to its name, it claims to extend battery life for the Kindle with a shake of the touchscreen – but it is, alas, too good to be true.
After a bit of online research, Schouwenberg found a Twitter account, and discovered that references in the app code to "Bapplz" match references in the social feed. That in turn leads to the discovery of a website called bapplz.com that hasn’t been updated since August.
“Clearly, the project seems abandoned even if it's still making the author some money,” he noted.
The Kindle Fire actually runs on a tailored version of Google’s Android operating system – a favorite of mobile hackers everywhere. While this particular piece of scamware is not too terribly damaging, Schouwenberg warns that Amazon will see an ongoing stream of malware thanks to its popularity and its lax app publishing policies.
“We detect these pieces of malware as HEUR:Hoax.AndroidOS.FakeBapp.a and have been in contact with Amazon.com about this,” he added. “The apps were previously available in Google Play as well, but had been removed at an earlier time.”