Google boots 'RuFraud' apps from Android market
Nearly two dozen apps are removed after they're found to be charging premium SMS rates while posing as wallpaper or popular game apps.
Lookout is warning Android users in Europe about a slew of apps that showed up on the Android Market in the last week that aren't what they appear to be.
Google has removed 22 apps and suspended the developer accounts, a Google spokesman confirmed to CNET today.
The apps were purporting to be free versions of legitimate games or wallpaper. Instead, they appeared designed to do nothing more than charge premium SMS toll rates on European phones, Lookout said today. The rates are buried several levels deep within the terms of service, and users may not realize that they will be charged $5 per SMS, the mobile security firm said.
Technically, the apps aren't malware because they weren't acting on a security vulnerability. But they can still be pulled if they were not adequately disclosing the pricing terms or if they were infringing on copyrighted material.
Google removed nine identical applications last week that appeared as horoscope apps with hidden terms of service indicating charges. And over the weekend, 13 new apps were posted to the Android Market that purport to be free versions of popular games.
They appeared to be wallpaper apps for popular movies, like "Twilight," and downloaders for popular games such as Angry Birds and Cut the Rope, according to Lookout. The malware has been lumped together and labeled "RuFraud" for "Russian fraud," because a lot of the SMS toll fraud apps comes from Russian download sites, Derek Halliday, senior security product manager, said in an interview today.
The apps look at the country code of a phone's SIM card and if it matches one of the Eastern or Western European countries it targets, the mobile phone owner will see the higher SMS charges, he said.
"The initial application activity presents the user with a single option to continue, which is presumed to be an agreement to premium charges that are buried within layers of less than clear links," Lookout said in a blog post. "The Premium Short Codes used could affect users in Russia, Azerbaijan, Armenia, Georgia, Czech Republic, Poland, Kazakhstan, Belarus, Latvia, Kyrgyzstan, Tajikistan, Ukraine, Estonia as well as Great Britain, Italy, Israel, France, Great Britain, and Germany. North American users were not affected as the fraudulent SMS code is gated on the user's country (as indicated by their SIM)."
While the first nine apps were pulled so quickly only a handful of people had downloaded them, the second batch may have reached a broader audience before they were pulled by Google, Lookout said. "We estimate upwards of 14,000 downloads of these apps.
Lookout has deployed an over-the-air update that protects its users from all known instances of RuFraud, Halliday said.
"If you see things popping up on the market claiming to be free versions of apps you should be paying for it's probably too good to be true," said Tim Wyatt, principal security engineer at Lookout. People should use common sense, download from developers they trust and read the reviews, he and Halliday said.