One-click-fraud apps go from PC to Android

One-click-fraud apps that tempt victims with porn and trick them into paying sizeable sums to avoid embarrassment are popping up on Google Play in large numbers, reports Symantec.

The Android apps, which are used mostly in Japan, started appearing in Google's app store in the country in late January. Since then, the number counted by Symantec has grown to over 200 published by more than 50 developers. In the last two months, the apps have been downloaded at least 5,000 times.

The apps are a carryover from the world of PCs, where they have been a favorite of criminals for some time. Whether on a notebook or an Android smartphone, the apps work in a similar fashion.

On the smartphone a person first downloads the app, which sometimes seeks network communication permission, but oftentimes does not require the user to accept any permissions at all. That's because the app is only used as a vehicle to fraudulent porn sites.

When people launch the app, it opens the phone's Web browser and takes them to a site that claims to have information on the visitors and demands money to keep it private.

"It's akin to ransomware in a way, but it's not locking your phone," said Satnam Narang, manager of Symantec Security Response. "The difference here is it's a shameful thing that you're viewing pornography."

Symantec does not know how much money has been collected through the scam, although the perpetrators can demand as much as $1,000, Symantec said in a blog post.


In June 2012, Tokyo police arrested six men accused of fraud through the use of a one-click-fraud app offered through a third-party website. The group tricked 9,252 people into installing the app and conned 211 people into paying a total of $260,000. The gang also extracted personally identifiable information and stored it on a server.

While it is possible such apps could find their way to the U.S., there are no indications that they are headed this way. "It's certainly possible, but we have yet to see it," Narang said.

Symantec has reported the apps to Google, which has been removing them from the store. However, the number of apps popping up is an indication that developers are trying to launch as many as possible in hopes that a few will go undetected long enough to find victims.

The developers are also building apps that are luring users by offering access to dating sites, which are considered sleazy in Japan.

Because anyone can build and distribute Android apps, criminals have been increasingly targeting the mobile OS with malware. In addition, there is no shortage of potential victims. More than half of the smartphones in the world are powered by Android.

Besides being used to steal data or extort money, Android malware has recently been discovered in targeted attacks against political activists in Europe.


Stories by Antone Gonsalves
