Google Boots Fraudware Apps From Android Market - InformationWeek


Fraudulent game apps send and receive expensive premium-rate SMS messages, racking up charges for unsuspecting users.

Google has removed a slew of apps from the official Android Market after security researchers found that they contained hidden SMS-message-sending capabilities, allowing criminals to rack up profits at the expense of the smartphone user.

While the malicious applications looked like free copies of well-known programs, including Angry Birds, in reality they were all just differently skinned versions of a malicious application known as RuFraud, which is designed for the purposes of SMS toll fraud. That means that the developer causes the phones to send messages to premium numbers, thus generating profits for whoever owns that number.

Google has already removed the malicious applications.

To date, there have been three waves of RuFraud attacks. The first began last week, when attackers posted nine malicious apps to the Android Market that were identical, but skinned in different ways to make them more appealing. For example, one pretended to be wallpaper for the Twilight movies, while others claimed to be downloaders for such games as Angry Birds and Cut the Rope.


This week, meanwhile, horoscope applications containing RuFraud were posted to the Android Market. After Google removed those, fraudsters "posted 13 new supposed downloaders to the Android Market, once again positioned as free versions of popular games," said mobile security vendor Lookout. Whereas the earlier malicious applications had been downloaded by relatively few people, Lookout said that "these apps may have reached a broader audience while published to the market: We estimate upwards of 14,000 downloads of these apps."

The titles of the cloned games in question range from "Cut the Rope FREE" and "Assassin's Creed Revelations" to "Angry Birds FREE" and "Talking Larry the Bird Free."

The apps disclose on their permission screen their request to send SMS messages that may cost the user money. Interestingly, in at least some cases, buried in the RuFraud software's terms of service is a warning that using the application might result in SMS charges. "The initial application activity presents the user with a single option to continue, which is presumed to be an agreement to premium charges that are buried within layers of less than clear links," according to a blog post from Lookout, which discovered the malicious applications.

Based on the premium short codes coded into the application, the attack "could affect users in Russia, Azerbaijan, Armenia, Georgia, Czech Republic, Poland, Kazakhstan, Belarus, Latvia, Kyrgyzstan, Tajikistan, Ukraine, Estonia as well as Great Britain, Italy, Israel, France, and Germany," said Lookout. "North American users were not affected as the fraudulent SMS code is gated on the user's country (as indicated by their SIM)."

Vanja Svajcer, a principal virus researcher at SophosLabs, said in a blog post that these attacks--executed by the malicious developer known as Logastrod--follow an established Android Market pattern: clone a real app, add malicious capabilities, then upload it back to the Android Market or another application store, pretending it's the real deal.

Likewise, RuFraud exploits a well-known Android attack vector. "Misusing premium SMS services is the most common model for malicious mobile malware," he said. "When a malicious app is installed, it starts sending or receiving messages, which makes the installation very expensive for the user. The damage is often seen only when it is too late, once a monthly bill is received."
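
Because these apps have to declare their SMS capability in order to use it, the mismatch between what an app claims to be and what it asks for can be checked mechanically. The following Python is an added example, not code from the article, Lookout or Sophos: it audits an AndroidManifest.xml that has already been decoded to text XML and flags SMS permissions or an incoming-SMS receiver in app categories that have no evident need for them. The category list, the verdict labels and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_PERMISSIONS = {  # real Android permission names
    "android.permission.SEND_SMS": "can send SMS, including to premium numbers",
    "android.permission.RECEIVE_SMS": "can receive incoming SMS",
    "android.permission.READ_SMS": "can read stored SMS",
}
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
# Assumption: categories with no evident need for SMS, taken from the lures
# the article names (wallpaper, game downloaders, horoscopes).
NO_SMS_CATEGORIES = {"wallpaper", "game", "horoscope"}

def audit_manifest(manifest_xml, category):
    """Return (verdict, findings) for one decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml.strip())
    requested = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    findings = [f"{name}: {why}" for name, why in SMS_PERMISSIONS.items()
                if name in requested]
    for receiver in root.iter("receiver"):
        actions = {a.get(ANDROID + "name") for a in receiver.iter("action")}
        if SMS_RECEIVED in actions:
            findings.append(f"receiver {receiver.get(ANDROID + 'name')} handles incoming SMS")
    if not findings:
        return "ok", findings
    # SMS capability in a category that should not need it gets priority review.
    verdict = "review" if category in NO_SMS_CATEGORIES else "check-purpose"
    return verdict, findings

# Constructed sample manifests (not taken from any real app).
SUSPECT = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.freegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".SmsHandler">
      <intent-filter><action android:name="android.provider.Telephony.SMS_RECEIVED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""
BENIGN = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.wallpaper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
</manifest>"""

if __name__ == "__main__":
    for label, xml, cat in [("suspect", SUSPECT, "game"), ("benign", BENIGN, "wallpaper")]:
        print(label, audit_manifest(xml, cat))
```

A "review" verdict is a triage signal rather than proof of fraud; legitimate messaging apps request the same permissions, which is why the declared category is part of the check.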
