Malicious Android apps posed as Angry Birds and Cut the Rope in a scam that used premium rate text messages to defraud customers of £27,850.
The attack took place at the end of last year and affected 1,391 mobile numbers in the UK. Although regulator PhonepayPlus received just 34 complaints, all those who lost money will automatically be refunded. The most any individual is thought to have lost is £80.
The fake apps were planted in the Android Market, posing as Angry Birds, Assassins Creed, Cut the Rope and other popular titles. The ‘Trojanised’ attacks gained access to users’ phones when they were downloaded and then sent three premium rate text messages each time the app was opened, without the users’ knowledge. The total cost was therefore £15 each time the app was accessed, and a number of users attempted to start the app several times before realising it wasn’t working as the real apps would.
Although Google removes malicious apps from the Android Market, now called the Play Store, it does not vet apps before they are uploaded. PhonepayPlus found evidence of the app in 18 countries.
Premium rate SMS Trojans account for 36.4 per cent of malware on smartphones, the second largest form of malware after spyware, according to figures from Juniper Research. These Trojans sent premium rate messages without consent, providing direct revenue to criminals, PhonepayPlus claimed.
The malicious apps were posted to the Google Android Market in mid November and the first complaint was made to PhonepayPlus on November 28. The regulator requested immediate suspension of the text message shortcodes on December 16.
source: the telegraph