ID: IRCNE2011121342
Date: 2011-12-13
According to “CNet”, Google has removed 22 apps from its Android Market and suspended the developer accounts, a Google spokesman confirmed.
The apps were purporting to be free versions of legitimate games or wallpaper. Instead, they appeared designed to do nothing more than charge premium SMS toll rates on European phones. The rates are buried several levels deep within the terms of service, and users may not realize that they will be charged $5 per SMS. Technically, the apps aren't malware because they weren't acting on a security vulnerability.
Google removed nine identical applications last week that appeared as horoscope apps with hidden terms of service indicating charges.
And over the weekend, 13 new apps were posted to the Android Market that purport to be free versions of popular games. They appeared to be wallpaper apps for popular movies, and downloaders for popular games such as Angry Birds. The malware has been lumped together and labeled "RuFraud" for "Russian fraud," because a lot of the SMS toll fraud apps comes from Russian download sites.
The apps look at the country code of a phone's SIM card and if it matches one of the European countries it targets, the mobile phone owner will see the higher SMS charges.
The initial application activity presents the user with a single option to continue, which is presumed to be an agreement to premium charges that are buried within layers of less than clear links. The Premium Short Codes used could affect users in Russia, Azerbaijan, Armenia, Georgia, Czech Republic, Poland, Kazakhstan, Belarus, Latvia, Kyrgyzstan, Tajikistan, Ukraine, Estonia as well as Great Britain, Italy, Israel, France, Great Britain, and Germany.
While the first nine apps were pulled so quickly only a handful of people had downloaded them, the second batch may have reached a broader audience before they were pulled by Google. Nearly 14,000 downloads of these apps is estimated.
- 2