Angry Birds Malware Sparks $78,000 Fine - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Angry Birds Malware Sparks $78,000 Fine

British regulators crack down on Latvian company behind the RuFraud malware scheme that placed 27 fake versions of Android apps, including Angry Birds Space, on Google Play.

British regulators have levied fines of 50,000 in British Pounds ($78,000) on a Latvian company for its role in a scam campaign involving RuFraud malware hidden inside fake Android applications, which nearly bilked users out of 27,850 Pounds ($43,600).

All told, 27 RuFraud-hiding apps--including wallpaper apps for popular movies, as well as supposed downloaders for popular games, such as Angry Birds Space, Cut the Rope, and Assassin's Creed--were made available via the Android application market now known as Google Play. "Many of the fake apps were advertised as free, but when an unsuspecting smartphone owner downloaded the malicious app, premium rate text messages were charged to their phone bill," according to a blog post from mobile security firm Lookout, which spotted the RuFraud apps and worked with Google to remove them.

But the applications would charge users the equivalent of $23.50 every time they attempted to open the app. "These fake apps were advertised as free but contained malicious coding (malware) that charged the phone's account 15 [Pounds] every time the app was opened (usually charged through three 5 [Pound] premium rate texts)," according to a statement released by PhonepayPlus, which regulates the United Kingdom's premium-phone-number services. "The malware suppressed the sent and received text messages that notify users they have been charged. It was only when consumers received their bill that they were alerted to the fraudulent charges."

[ Mobile malware researchers are developing new crimefighting tools. See Researchers 'Map' Android Malware Genome. ]

The Android apps requested permission to send SMS messages that might result in the user being charged, and mentioned premium pricing in the applications' terms of service, although security experts said the disclosure was so buried that it would have been difficult to find.

All told, the malicious applications were downloaded 14,000 times and affected 1,391 mobile numbers in the United Kingdom. But PhonepayPlus said that thanks to the "industry's swift action in identifying the malware," it was able to quickly suspend the SMS premium shortcode used in the attacks, as well as to prevent any of the ill-gotten money from ever reaching A1 Agregator Limited, which "had control of, and responsibility for, the premium rate payment system which enabled the malware to fraudulently charge consumers' mobile phone accounts."

In addition to levying the 50,000 Pound fine against A1 Agregator, PhonepayPlus said that the company--which has an office in London, but which is based in Latvia--has three months to refund all affected users, whether or not they lodge a complaint.

When it came to the attack, A1 Agregator "didn't do the correct vetting," said a PhonepayPlus spokesman via phone, and thus enabled the scam to occur. "The idea for us is to make a company stop and think before they enable it, and also to make the U.K. unattractive--because they didn't get the money." That's thanks to all funds collected by country's premium-rate services being automatically held for 30 days before being released, and this attack having been spotted within the 30-day window.

According to Lookout, the RuFraud application scam targeted people in 18 countries, including not just Britain, but also France, Germany, Israel, Latvia, Poland, and Russia, although not the United States. But it's unclear how many people in the other 17 targeted countries may have been affected by the malware.

"It was very clever, it picked up on the correct country code based on which type of SIM card was in the phone," said the PhonepayPlus spokesman. He said his agency had informed other countries about the results of its investigation.

Whether the vector is a phishing scam, a lost iPod loaded with sensitive data, or an email-borne worm slithering through a public account, our Well-Meaning Employees--And How To Stop Them report gives you pointers on keeping well-meaning end users from blowing up your systems from the inside. (Free registration required.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
Flash Poll