12/13/2011
10:55 AM

Google Boots Fraudware Apps From Android Market

Fraudulent game apps send and receive expensive premium-rate SMS messages, racking up charges for unsuspecting users.

Google has removed a slew of apps from the official Android Market after security researchers found that they contained hidden SMS-message-sending capabilities, allowing criminals to rack up profits at the expense of the smartphone user.

While the malicious applications looked like free copies of well-known programs, including Angry Birds, in reality they were all just differently skinned versions of a malicious application known as RuFraud, which is designed for the purposes of SMS toll fraud. That means that the developer causes the phones to send messages to premium numbers, thus generating profits for whoever owns that number.

Google has already removed the malicious applications.

To date, there have been three waves of RuFraud attacks. The first began last week, when attackers posted nine malicious apps to the Android Market that were identical, but skinned in different ways to make them more appealing. For example, one pretended to be wallpaper for the Twilight movies, while others claimed to be downloaders for such games as Angry Birds and Cut the Rope.

This week, meanwhile, horoscope applications containing RuFraud were posted to the Android Market. After Google removed those, fraudsters "posted 13 new supposed downloaders to the Android Market, once again positioned as free versions of popular games," said mobile security vendor Lookout. Whereas earlier malicious applications had been downloaded by relatively few people, it said that "these apps may have reached a broader audience while published to the market: We estimate upwards of 14,000 downloads of these apps."

The titles of the cloned games in question range from "Cut the Rope FREE" and "Assassin's Creed Revelations" to "Angry Birds FREE" and "Talking Larry the Bird Free."

The apps disclose on their permission screen their request to send SMS messages that may cost the user money. Interestingly, in at least some cases, buried in the RuFraud software's terms of service is a warning that using the application might result in SMS charges. "The initial application activity presents the user with a single option to continue, which is presumed to be an agreement to premium charges that are buried within layers of less than clear links," according to a blog post from Lookout, which discovered the malicious applications.

Based on the premium short codes coded into the application, the attack "could affect users in Russia, Azerbaijan, Armenia, Georgia, Czech Republic, Poland, Kazakhstan, Belarus, Latvia, Kyrgyzstan, Tajikistan, Ukraine, Estonia as well as Great Britain, Italy, Israel, France, and Germany," said Lookout. "North American users were not affected as the fraudulent SMS code is gated on the user's country (as indicated by their SIM)."

Vanja Svajcer, a principal virus researcher at SophosLabs, said in a blog post that these attacks--executed by the malicious developer known as Logastrod--follow an established Android Market pattern: clone a real app, add malicious capabilities, then upload it back to the Android Market or another application store, pretending it's the real deal.

Likewise, RuFraud exploits a well-known Android attack vector. "Misusing premium SMS services is the most common model for malicious mobile malware," he said. "When a malicious app is installed, it starts sending or receiving messages, which makes the installation very expensive for the user. The damage is often seen only when it is too late, once a monthly bill is received."
