RuFraud Apps Taint the Android Market, Google Removes 9 Apps

Last month, reports of mobile malware attacks were on the rise, especially on Android devices. This led Google Open Source Programs Manager Chris DiBona to rant on his Google+ page about how pissed off he is that security companies are selling consumers security products that they and their devices don’t need. He stated that these companies are playing on the fears of the consumer and that we shouldn’t buy into it. But consumers should be wary: Android devices are under attack (again), and mobile malware only continues to get smarter.

According to Lookout Mobile Security, there has been a rash of premium SMS toll fraud apps targeting European consumers over the last few months. The threat comes mostly from free apps downloaded from file-sharing sites and alternative markets.

“Just this week there have been several waves of a new threat, RuFraud, posted to the official Android Market,” writes Lookout in an informative blog post this weekend.  “The initial batch appeared as horoscope apps with a fairly hidden ToS indicating charges. The initial application activity presents the user with a single option to continue, which is presumed to be an agreement to premium charges that are buried within layers of less than clear links. The Premium Short Codes used could affect users in Russia, Azerbaijan, Armenia, Georgia, Czech Republic, Poland, Kazakhstan, Belarus, Latvia, Kyrgyzstan, Tajikistan, Ukraine, Estonia as well as Great Britain, Italy, Israel, France, Great Britain, and Germany. North American users were not affected as the fraudulent SMS code is gated on the user’s country (as indicated by their SIM).”

Lookout notified Google that it had found nine apps that were designed to appear more appealing to potential users, such as three wallpaper apps for popular movies (including Twilight) and three apps purporting to be downloaders for popular games such as Angry Birds and Cut the Rope. After being notified, Google pulled these apps from the Android Market. Before the malicious apps were removed, only a handful of users downloaded them, so the severity of the threat is very low.

Though the nine apps were removed, 13 new malicious apps were posted just after the removal, posing as free versions of popular games. This time, more users have already downloaded the apps: an estimated 14,000+ downloads have been reported. These apps were also taken down by Google, and Lookout deployed an over-the-air update to protect Lookout users from RuFraud attacks.

Last week, Google reported that it had reached its 10 billionth app download in the Android Market, with games making up 25.6% of the total downloads. Google reported that the top 10 countries gaga for apps are: South Korea, Hong Kong, Taiwan, US, Singapore, Sweden, Israel, Denmark, Netherlands and Norway. To celebrate the 10 billionth mark, it is now offering top paid apps at 90% off, or 10 cents per app. At the start of December, Google went back to selling games on the Android Market in South Korea, and it expected a massive increase in game downloads in the following weeks. With more people downloading apps from the Android Market, mobile malware disguised as apps threatens to destroy its reputation. So don’t fall victim to malicious apps: beef up your mobile security and don’t download apps claiming to be free versions of top paid apps.