Angry Birds malware attack on Android

  • CSO staff (CSO Online)
  • — 25 May, 2012 12:09

A malware attack which secretly charged users for high cost texts each time they tried to open an app, has been uncovered in the UK.

Fake apps were posted to the Android app store for popular games including Angry Birds, Cut the Rope and Assassins Creed.

The scam was cut off by the UK phone services regulator PhonepayPlus, but not before an estimated 14,000 downloads of the fake apps were made worldwide.

The apps were advertised as free on the app store, but each time the app was launched, three high-cost (£5) text messages were sent to a premium service managed by the company A1 Aggregator Limited. The apps suppressed any actual outgoing and incoming messages, so only examination of the phone bill would reveal the charges.

PhonepayPlus did not confirm which other countries were targeted, but stated that the scam had been identified in 18 other countries.

A1 Agregator Limited has been fined being fined £50,000, and was ordered to repay all victims within the next three months. It has also been banned from launching any similar services.

Sophos senior technology consultant, Graham Cluley, confirmed on its blog, “Sophos experts have seen a rising trend for malware to be distributed in the form of bogus Android apps, hell bent on earning money from expensive SMS services or allowing the installation of further malicious code.”

“[Other] recent examples have included false versions of Angry Birds Space, Instagram, and even fake Android anti-virus products.”

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Symantec draws new security picture

Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Fraud Management Solutions

Reduce fraud losses regardless of channel by preventing cybercrime, identity theft, and other threats targeting your customers.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).

  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.