San Francisco — In a swift move to combat fraudulent game apps called “RuFraud”, search engine titan Google has removed a slew of malware-infected apps from its official Android Market in the last several days. Security researchers had discovered that the apps contained hidden SMS-sending capabilities, allowing criminals to rack up profits at the expense of smartphone users who downloaded seemingly innocent services such as horoscopes, wallpapers and games.
The malicious applications, aimed at European users, appeared to be free copies of well-known programs, including Angry Birds and Need for Speed. In fact, they were all just differently skinned versions of a malicious application known as RuFraud, which is designed for SMS toll fraud. That means the developer causes the phones to send messages to premium numbers, generating profits for whoever owns those numbers.
Lookout Mobile, a San Francisco-based security firm focused on smartphones, said that it and other vendors had alerted Google to several recent waves of malicious apps (22 applications altogether) in its Android store that were posing as innocuous, free apps, but were really charging users’ phones to send and receive text messages on their behalf.
The search engine leader swiftly put its security machinery into action and has already removed the malicious applications, in addition to more than 100 malicious Android apps that it has yanked from its download distribution channel, said Lookout, but more reappeared over the weekend, disguised as “free versions of popular games.”
To date, there have been three waves of RuFraud attacks. Lookout Mobile Security posted information about RuFraud on its website. The malware appeared in batches of horoscope, wallpaper and game apps that traded on pop-culture appeal by invoking Angry Birds and “Twilight.”
Lookout discovered nine malware-infected apps last week, and another 13 over the weekend. Apart from this, Google has also pulled down five more apps from the Android Market that mobile-security firm Lookout alleges appear to be engaged in SMS fraud targeting Europeans. That brings the total number of apps removed that Lookout has dubbed “RuFraud” (Russian Fraud) to 27, the representative said.
Surprisingly, the recent wave of RuFraud attacks began with horoscope apps, said Lookout, then moved on to Android phone wallpapers, including one for the Twilight series of movies, and to downloads promising bestselling games such as “Angry Birds” and “Cut the Rope,” then finished with a round of fake games, Lookout’s researchers said.
For instance, upon launching the app, the user sees a “To continue, click below” prompt above a giant Next button. By clicking the button, the user agrees to the sketchy terms of service agreement. And since the page has only one button, most people impatiently click through to get to their Robert Pattinson-themed wallpaper images.
An example of the page that catches unsuspecting users with hidden charges, upon clicking continue.
According to Lookout Mobile’s senior security product manager Derek Halliday, the terms of service are very hard to find, and even if you do find them, they are too complex to understand. Once the “Next” button is pushed, the app gives itself permission to send and receive texts on your phone, charging you each time it uses the SMS short code.
“We have seen this family of premium estimates fraud apps over the last couple of weeks, in a few different waves,” said Halliday in a statement.
Lookout elaborated: It seems that these apps may have reached a broader audience while published to the market: we estimate upwards of 14,000 downloads of these apps. Besides, the rates are buried within the terms of service, and users may not realize that they will be charged $5 per SMS, according to the firm.
Here is the most up-to-date list of the apps:
This is the list of 27 apps flagged by Lookout for alleged fraudulent behavior that have been removed from the Android Market. (Credit: Lookout)
Google declined to comment on the incident.