Corporate Partners

Angry Birds malware attack on Android

A malware attack which secretly charged users for high cost texts each time they tried to open an app, has been uncovered in the UK.

Fake apps were posted to the Android app store for popular games including Angry Birds, Cut the Rope and Assassins Creed.

The scam was cut off by the UK phone services regulator PhonepayPlus, but not before an estimated 14,000 downloads of the fake apps were made worldwide.

The apps were advertised as free on the app store, but each time the app was launched, three high-cost (£5) text messages were sent to a premium service managed by the company A1 Aggregator Limited. The apps suppressed any actual outgoing and incoming messages, so only examination of the phone bill would reveal the charges.

PhonepayPlus did not confirm which other countries were targeted, but stated that the scam had been identified in 18 other countries.

A1 Agregator Limited has been fined being fined £50,000, and was ordered to repay all victims within the next three months. It has also been banned from launching any similar services.

Sophos senior technology consultant, Graham Cluley, confirmed on its blog, “Sophos experts have seen a rising trend for malware to be distributed in the form of bogus Android apps, hell bent on earning money from expensive SMS services or allowing the installation of further malicious code.”

“[Other] recent examples have included false versions of Angry Birds Space, Instagram, and even fake Android anti-virus products.”

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

More about Sophos

Comments

Comments are now closed

Market Place