Android malware continues to evolve. The latest batch takes a two-pronged attack at users susceptible to downloading free games and can end costing victims a lot of money. Lookout Mobile Security reports that these apps, dubbed RuFraud, are pirated clones or add-ons of popular games and other apps designed to send premium SMS messages without users consent.
This is not the first time we have seen pirated apps deliver Android malware. Nor is it the first time that the tactic of sending premium SMS messages has been used by malicious coders.
Lookout informed Google of nine RuFraud apps in the last week, all of which were removed by Google from the Android Market. Overnight, the malware makers posted another 13 apps that have also been pulled.
Basically, these apps have hidden terms of service and obscure permissions that trick the user into downloading a version of a popular game for free that will have the SMS access permission hidden in the code. Lookout says that the apps affected European users and did not affect North American users. The malicious apps know where a user is based off their SIM cards.
Sophos Security notes that the hackers also use what could be seen as Black Hat SEO tactics but on an application store level. Essentially, the games are pirated versions that many users know and trust. For instance, the cloned games are named Angry Birds FREE, Cut the Rope FREE, Great Little War Game FREE etc. The publisher, according to Sophos's Naked Security blog is named Logastrod and made "trojanized" verions of the apps. Here is a screen shot from Naked Security about the permissions one of the apps requesting.
Estimates on downloads of these apps range from 10,000 (Sophos) to 14,000 (Lookout). Sophos notes that these types of apps easily get through to the Android Market because the cost of becoming a developer in the Android Market is less than what a malicious hacker could make by putting these apps in the wild, even if they were only available for a short amount of time.
The nasty bit about these apps are how the malicious links are buried inside the ToS. It is hard to tell if an app is malicious at first glance because on permissions but it is always best to be safe and check an apps permissions before downloading it. Why does Cut the Rope need SMS permission?