Angry Birds Malware Sparks $78,000 Fine - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Angry Birds Malware Sparks $78,000 Fine

British regulators crack down on Latvian company behind the RuFraud malware scheme that placed 27 fake versions of Android apps, including Angry Birds Space, on Google Play.

British regulators have levied fines of 50,000 in British Pounds ($78,000) on a Latvian company for its role in a scam campaign involving RuFraud malware hidden inside fake Android applications, which nearly bilked users out of 27,850 Pounds ($43,600).

All told, 27 RuFraud-hiding apps--including wallpaper apps for popular movies, as well as supposed downloaders for popular games, such as Angry Birds Space, Cut the Rope, and Assassin's Creed--were made available via the Android application market now known as Google Play. "Many of the fake apps were advertised as free, but when an unsuspecting smartphone owner downloaded the malicious app, premium rate text messages were charged to their phone bill," according to a blog post from mobile security firm Lookout, which spotted the RuFraud apps and worked with Google to remove them.

But the applications would charge users the equivalent of $23.50 every time they attempted to open the app. "These fake apps were advertised as free but contained malicious coding (malware) that charged the phone's account 15 [Pounds] every time the app was opened (usually charged through three 5 [Pound] premium rate texts)," according to a statement released by PhonepayPlus, which regulates the United Kingdom's premium-phone-number services. "The malware suppressed the sent and received text messages that notify users they have been charged. It was only when consumers received their bill that they were alerted to the fraudulent charges."

[ Mobile malware researchers are developing new crimefighting tools. See Researchers 'Map' Android Malware Genome. ]

The Android apps requested permission to send SMS messages that might result in the user being charged, and mentioned premium pricing in the applications' terms of service, although security experts said the disclosure was so buried that it would have been difficult to find.

All told, the malicious applications were downloaded 14,000 times and affected 1,391 mobile numbers in the United Kingdom. But PhonepayPlus said that thanks to the "industry's swift action in identifying the malware," it was able to quickly suspend the SMS premium shortcode used in the attacks, as well as to prevent any of the ill-gotten money from ever reaching A1 Agregator Limited, which "had control of, and responsibility for, the premium rate payment system which enabled the malware to fraudulently charge consumers' mobile phone accounts."

In addition to levying the 50,000 Pound fine against A1 Agregator, PhonepayPlus said that the company--which has an office in London, but which is based in Latvia--has three months to refund all affected users, whether or not they lodge a complaint.

When it came to the attack, A1 Agregator "didn't do the correct vetting," said a PhonepayPlus spokesman via phone, and thus enabled the scam to occur. "The idea for us is to make a company stop and think before they enable it, and also to make the U.K. unattractive--because they didn't get the money." That's thanks to all funds collected by country's premium-rate services being automatically held for 30 days before being released, and this attack having been spotted within the 30-day window.

According to Lookout, the RuFraud application scam targeted people in 18 countries, including not just Britain, but also France, Germany, Israel, Latvia, Poland, and Russia, although not the United States. But it's unclear how many people in the other 17 targeted countries may have been affected by the malware.

"It was very clever, it picked up on the correct country code based on which type of SIM card was in the phone," said the PhonepayPlus spokesman. He said his agency had informed other countries about the results of its investigation.

Whether the vector is a phishing scam, a lost iPod loaded with sensitive data, or an email-borne worm slithering through a public account, our Well-Meaning Employees--And How To Stop Them report gives you pointers on keeping well-meaning end users from blowing up your systems from the inside. (Free registration required.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll