Angry Birds malware attack on Android

A malware attack which secretly charged users for high cost texts each time they tried to open an app, has been uncovered in the UK.

Fake apps were posted to the Android app store for popular games including Angry Birds, Cut the Rope and Assassins Creed.

The scam was cut off by the UK phone services regulator PhonepayPlus, but not before an estimated 14,000 downloads of the fake apps were made worldwide.

The apps were advertised as free on the app store, but each time the app was launched, three high-cost (£5) text messages were sent to a premium service managed by the company A1 Aggregator Limited. The apps suppressed any actual outgoing and incoming messages, so only examination of the phone bill would reveal the charges.

PhonepayPlus did not confirm which other countries were targeted, but stated that the scam had been identified in 18 other countries.

A1 Agregator Limited has been fined being fined £50,000, and was ordered to repay all victims within the next three months. It has also been banned from launching any similar services.

Sophos senior technology consultant, Graham Cluley, confirmed on its blog, “Sophos experts have seen a rising trend for malware to be distributed in the form of bogus Android apps, hell bent on earning money from expensive SMS services or allowing the installation of further malicious code.”

“[Other] recent examples have included false versions of Angry Birds Space, Instagram, and even fake Android anti-virus products.”

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Comments

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

ZENworks® Endpoint Security Management

Get Powerful Protection for All of Your Mobile Devices

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.