
Google removes 22 Android apps due to RuFraud mobile attack

Google has removed 22 applications from its Android marketplace in the past week due to RuFraud, a new mobile threat aimed at European users that charges users for text messages.

Lookout Mobile, a security firm focused on smartphones, alerted Google to applications in its Android store that were posing as innocuous, free apps, but were really charging users’ phones to send and receive text messages on their behalf.

The user downloads an app that promises wallpaper art, horoscope readings, or free popular games. Upon launching the app, the person sees a “To continue, click below” prompt above a giant Next button. By clicking the button, the user agrees to the sketchy terms of service agreement. And since the page has only one button, most people impatiently click through to get to their Robert Pattinson-themed wallpaper images.

According to Lookout Mobile’s senior security product manager Derek Halliday, the terms of service are very hard to find, and if you can locate them, they’re too obscure to understand. Once the “Next” button is pushed, the app gives itself permission to send and receive texts on your phone, charging you each time it uses the SMS short code.

“We’ve seen this family of premium estimates fraud apps over the last couple of weeks, in a few different waves,” said Halliday in an interview with VentureBeat.

The first wave of apps was horoscope-themed, though the actual apps, according to Halliday, weren’t built out and only performed basic tasks. After the offending horoscope apps were removed from the store, new pop-culture-themed wallpaper apps were released. The most recent collection of apps pretended to be free versions of popular games, with misleading titles such as “Angry Birds (free).”

Currently, United States mobile users are unaffected since the app first reads the phone’s SIM card to find its country of origin. U.S. SIM cards have a block against the code these apps are using to send and receive text messages. Countries that are affected, however, include Russia, Azerbaijan, Armenia, Georgia, Czech Republic, Poland, Kazakhstan, Belarus, Latvia, Kyrgyzstan, Tajikistan, Ukraine, Estonia, Great Britain, Italy, Israel, France and Germany.

Halliday explained the scam has been focused on Eastern European countries so far, but is starting to move its eye toward Western Europe.

Lookout Mobile originally alerted Google to nine of the apps that were posing this threat, which were promptly removed after only a handful of downloads. The company then located 13 more apps, which Google has also since removed. These apps had a larger download pool of about 14,000.

“A few versions will be published every few days or so,” said Halliday. “I can’t tell the future, but we’re going to be paying really close attention to it as it develops.”

Halliday also says his company is particularly watching for apps that might find their way into the United States.

