Google Boots Fraudware Apps From Android Market - InformationWeek


Fraudulent game apps send and receive expensive premium-rate SMS messages, racking up charges for unsuspecting users.

Google has removed a slew of apps from the official Android Market after security researchers found that they contained hidden SMS-message-sending capabilities, allowing criminals to rack up profits at the expense of the smartphone user.

While the malicious applications looked like free copies of well-known programs, including Angry Birds, in reality they were all just differently skinned versions of a malicious application known as RuFraud, which is designed for SMS toll fraud: the developer causes the phones to send messages to premium numbers, generating profits for whoever owns those numbers.

Google has already removed the malicious applications.

To date, there have been three waves of RuFraud attacks. The first began last week, when attackers posted nine malicious apps to the Android Market that were identical, but skinned in different ways to make them more appealing. For example, one pretended to be wallpaper for the Twilight movies, while others claimed to be downloaders for such games as Angry Birds and Cut the Rope.

This week, meanwhile, horoscope applications containing RuFraud were posted to the Android Market. After Google removed those, fraudsters "posted 13 new supposed downloaders to the Android Market, once again positioned as free versions of popular games," said mobile security vendor Lookout. Whereas earlier malicious applications had been downloaded by relatively few people, it said that "these apps may have reached a broader audience while published to the market: We estimate upwards of 14,000 downloads of these apps."

The titles of the cloned games in question range from "Cut the Rope FREE" and "Assassin's Creed Revelations" to "Angry Birds FREE" and "Talking Larry the Bird Free."

The apps disclose on their permission screen their request to send SMS messages that may cost the user money. Interestingly, in at least some cases, buried in the RuFraud software's terms of service is a warning that using the application might result in SMS charges. "The initial application activity presents the user with a single option to continue, which is presumed to be an agreement to premium charges that are buried within layers of less than clear links," according to a blog post from Lookout, which discovered the malicious applications.
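Because the SMS capability is declared up front, it can be checked before installation. The sketch below is an added example, not code from the article or from Lookout: it reads a manifest already decoded to text XML (for instance by apktool) and flags SMS permissions in the kinds of apps the article names. The category labels, verdict names and sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
}
# Skins the article describes for RuFraud; none needs SMS to function.
# These labels are assumptions for the example, not store-defined values.
NO_SMS_EXPECTED = {"game", "wallpaper", "horoscope"}


def sms_permissions(manifest_xml):
    """Return the SMS permissions requested in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return requested & SMS_PERMS


def triage(manifest_xml, claimed_category):
    """Return (verdict, sms_perms) for an app given what it claims to be."""
    perms = sms_permissions(manifest_xml)
    if not perms:
        return "ok", perms
    if claimed_category in NO_SMS_EXPECTED:
        return "review", perms      # SMS access with no functional need
    return "plausible", perms       # e.g. a messaging app


def manifest(package, *perms):
    """Build a constructed sample manifest (not taken from any real app)."""
    uses = "".join('<uses-permission android:name="%s"/>' % p for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s<application/></manifest>' % (package, uses))


# Constructed samples: (manifest, category the listing claims)
SAMPLES = [
    (manifest("com.example.freegame", "android.permission.INTERNET",
              "android.permission.SEND_SMS"), "game"),
    (manifest("com.example.wallpaper", "android.permission.INTERNET"), "wallpaper"),
    (manifest("com.example.chat", "android.permission.SEND_SMS",
              "android.permission.RECEIVE_SMS"), "messaging"),
]

if __name__ == "__main__":
    for xml_text, category in SAMPLES:
        verdict, perms = triage(xml_text, category)
        print(category, verdict, sorted(perms))
```
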

Based on the premium short codes coded into the application, the attack "could affect users in Russia, Azerbaijan, Armenia, Georgia, Czech Republic, Poland, Kazakhstan, Belarus, Latvia, Kyrgyzstan, Tajikistan, Ukraine, Estonia as well as Great Britain, Italy, Israel, France, and Germany," said Lookout. "North American users were not affected as the fraudulent SMS code is gated on the user's country (as indicated by their SIM)."

Vanja Svajcer, a principal virus researcher at SophosLabs, said in a blog post that these attacks--executed by the malicious developer known as Logastrod--follow an established Android Market pattern: clone a real app, add malicious capabilities, then upload it back to the Android Market or another application store, pretending it's the real deal.

Likewise, RuFraud exploits a well-known Android attack vector. "Misusing premium SMS services is the most common model for malicious mobile malware," he said. "When a malicious app is installed, it starts sending or receiving messages, which makes the installation very expensive for the user. The damage is often seen only when it is too late, once a monthly bill is received."
