- Jan 24, 2011
- 9,378
Apps available in Google Play pretending to offer cheating tips for the popular Minecraft game tricked users into activating premium-rate SMS subscriptions.
During the past nine months, Lukas Stefanko from ESET says that they have uncovered no less than 33 such apps. Combined, they have been installed between 660,000 and 2.8 million times.
Users fooled to subscribe to premium service
After installing the rogue apps, users would not have access to any information helping them cut corners in the game. Instead, they would be presented with banners and advertisements saying that their Android device was infested with malware, providing a link to an alleged solution.
Stefanko says that, in an effort to make the scam appear credible, cybercriminals took advantage of the names of reputed mobile antivirus vendors, such as G Data.
The researcher informs in a blog post on Friday that the final goal of the scareware campaign was to subscribe the victim to a premium-rate messaging service that charged a weekly €4.80 / $5.30.
However, to make it to Google Play, the nefarious apps needed to have permissions that would fit their advertised purpose, which did not include SMS sending.
As such, duping the user relies on social engineering, which consists in preparing “an SMS in the system default SMS application. The text of the SMS appears as an activation of the antivirus product.”
Stefanko says that the language of the scareware advertisements is adapted to the geographic location of the device, which is not an unusual method with ransomware.
Read more: http://news.softpedia.com/news/Mali...Installed-At-Least-660-000-Times-482195.shtml
During the past nine months, Lukas Stefanko from ESET says that they have uncovered no less than 33 such apps. Combined, they have been installed between 660,000 and 2.8 million times.
Users fooled to subscribe to premium service
After installing the rogue apps, users would not have access to any information helping them cut corners in the game. Instead, they would be presented with banners and advertisements saying that their Android device was infested with malware, providing a link to an alleged solution.
Stefanko says that, in an effort to make the scam appear credible, cybercriminals took advantage of the names of reputed mobile antivirus vendors, such as G Data.
The researcher informs in a blog post on Friday that the final goal of the scareware campaign was to subscribe the victim to a premium-rate messaging service that charged a weekly €4.80 / $5.30.
However, to make it to Google Play, the nefarious apps needed to have permissions that would fit their advertised purpose, which did not include SMS sending.
As such, duping the user relies on social engineering, which consists in preparing “an SMS in the system default SMS application. The text of the SMS appears as an activation of the antivirus product.”
Stefanko says that the language of the scareware advertisements is adapted to the geographic location of the device, which is not an unusual method with ransomware.
Read more: http://news.softpedia.com/news/Mali...Installed-At-Least-660-000-Times-482195.shtml