A firm that disguised Android malware as Angry Birds games has been fined £50,000 ($78,300) by UK premium-rate service regulator PhonepayPlus.
A1 Agregator posted mobile apps posing as smash-hit games, including Cut the Rope, on Android marketplaces and other outlets. Rather than offer free entertainment, the software silently sent out a text in order to receive a string of premium-rate messages, costing victims £5 per SMS. Users would have to uninstall the counterfeit apps from their phone to prevent further messages and charges.
The malicious code also covered up evidence of the message swapping which might have alerted punters to the whopping charges on their upcoming bills.
A total of 34 people, perhaps only a small percentage of those affected, complained to PhonepayPlus by the end of last year. In a ruling this month, the watchdog found A1 Agregator guilty of multiple breaches of its code of conduct and levied a fine of £50,000, estimated as the upper limit of the illicit profits made through the scam. A1 Agregator, which wasn't even registered with PhonepayPlus at the time of its offence, must refund defrauded victims in full within three months, whether they've complained or not.
It is understood the firm trousered £27,850 ($43,600) from the scam.
A1 Agregator - which was "formally reprimanded" over its behaviour - must also submit any other premium-rate services it develops to PhonepayPlus for approval over the next 12 months.
Premium-rate SMS scams account for 36.4 per cent of malware on smartphones, the second largest type after spyware, according to analysts Juniper Research.
And Carl Leonard, senior security research manager of EMEA at Websense, added: "Mobile apps are a powerful malware delivery technique as most users are willing to allow apps to do anything to get the desired functionality. Cyber criminals are beginning to use these malicious apps not only to make a quick buck but to also steal valuable data."
"For example, a malicious app could access the data on your phone, or access all of your contacts. This is particularly bad news for businesses that allow bring your own device (BYOD) schemes but don’t have the right security to protect their mobile data," he added.
Android virus evolution
Mobile malware scams first emerged in Russia and China several years ago. Fraudsters are beginning to turn to the West for victims, Kaspersky Lab warns.
"The mobile threat landscape is dominated by malware designed to run on Android – 65 per cent of all threats are aimed at this platform," said David Emm, senior security researcher at Kaspersky. "The platform is popular, it’s easy to write apps for it and it’s easy to distribute them via Google Play – so it’s little wonder that cybercriminals are making use of Google Play, where malware masquerades as a legitimate app."
"SMS Trojans, of the sort mentioned in the [PhonepayPlus] report, are currently the biggest category of mobile malware. And it’s important to understand that it’s not just a problem in Russia or China. Cybercriminals seek to make money from them across the globe, including here in the UK," he concluded.
In the past mobile malware often offered a free application as bait. During installation, the Trojan would display some kind of decoy error message. This prompted victims to search for answers on web forums and elsewhere - which was the last thing scammers want because it could lead marks to the realisation that they'd been suckered.
More recently cybercrooks have begun offering a bait that actually works. A blog post by F-Secure, published with a helpful video, describes an unrelated case of a Trojan installing a working copy of Rovio's Angry Birds Space as it compromises the phone. ®