In the last several days, Google has pulled close to two dozen infected applications from the Android Market. These fraudulent malware apps allowed criminals to send profitable SMS messages which were then billed to the smartphone users. These apps looked like popular apps such as horoscopes, Assassin’s Creed Revelations, Angry Birds, Cut the Rope, other games, and wallpapers. This latest security move means the company has removed more than 100 malware-infected apps from the store in 2011.
The developer designed the malicious applications to cause smartphones to send text messages to premium numbers, which generates profits for the owner of those numbers.
The apps targeted people not living in North America – people living in Europe, central Asia, and Russia were at risk. The RuFraud apps (as they are known) borrowed bits and pieces from legitimate apps and attached the malicious codes to the downloads. In some cases, the apps looked much like the genuine article, but a discerning eye could probably pick out the fake versions. All of the fraudulent apps were available as free downloads.
Approximately 14,000 copies of fake games were downloaded by users before Google yanked the apps off the Android Market. The way the apps were set up, users could not download the app without granting SMS permissions. The apps declared that SMS charges could result. Unfortunately, many people were tricked by these app developers.
Some security experts are blaming Google. According to them, it’s far too easy to get apps published to the Market are way too easy, which allows virus-ridden applications available for download. Other store operators have more stringent requirements and also scan apps for malware before they are made available to download.
Fortunately, most malware is found fairly quickly on Android Market and once identified, gets pulled immediately. Usually only minutes go by between notification that an app is malware-infected and the time when Google pulls it from the Market.
The developer, Logastrod, is known for cloning apps, adding malicious code, and then uploading the fraudulent apps to the Android Market or other application store making it pose as the real deal.
To protect your Android smartphone, download and install an antivirus app made for Android smartphone and tablets. AVG makes a free app that scans apps, files, media, and settings. This prevents your phone from spyware, viruses, and online exploitation. It can also help you find your stolen or lost Android device. Currently rated at 4.5 stars by almost 180,000 users, AVG Mobilation is a fantastic way to keep your smartphone or tablet clean.
You may also mitigate the threat by installing a monitoring app on your Android smartphone. While a highly unusual approach to security, you will be surprised by its effectiveness. Monitoring apps like Mobistealth let you keep tabs on all inbound and outbound SMS text messages, and also give you detailed information about installed apps, including their permissions. Once identified, you can easily weed out fishy or malicious apps from your device, returning it to its secure state.
Another option to protect your device is to stay vigilant. Always read the requirements, comments, and permissions listed on the app. Any time you update an app, read the comments first. Also, never download an app that has less than three stars. It’s probably not worth your time, and might not work properly.